9 



Search report 


SI 
S2 


S3 
S4 


S5 

S6 

S7 

S8 

S9 

S10 

Sll 

S12 

S13 

S14 

S15 

S16 


985254 PROBE? ? OR SENTRY OR SCANNER? ? OR SENSOR? ? 
6830711 MONITOR? ? OR DETECT? ? OR' DETECTION OR INTRUD? OR INTRUSI- 
ON OR RESPONSE OR ALERT? OR INCIDENT? ? OR INCIDENCE OR ATTAC- 
K? OR ANALY?S OR ANALYZE OR SENSORY (W) TECHNOLOGY OR FILTER 

565143 SURVEILLANCE OR CRYPTOGRAPH? OR TROJAN () HORSE OR FOOTPRINT? 
OR VULNERABIL? ^>f : '> 

202771 (NETWORK OR NT) (5N) SECURITY OR INTELLI GEN? () DATABASE? ? OR 
MANAGED ( ) SECURITY ( ) MONITORING OR SECURE (W) OPERATION? OR SECU- 
RITY (W) ANALYST OR SECURITY (W) ENGINEER OR NETWORK ( (ADMINISTRAT- 
OR 

211 S1(2N)S2(2N)S3(2N)S4 
176 S1(1N)S2(2N)S3(2N)S4 - 

0 S6 AND '( SECOR(4N) OPERATION? (4N) CENTER?) 
0 S6 AND (SECURE (4N) OPERATION? ?) 
72 RD 6 (unique items) 
2 S9(2N) MONITOR? 
0 S9(5N) ANALYST 
2 S10 (4N) SECURITY ' ' 

71 S9(4N) NETWORK - ^ 

71 S9(2N) NETWORK 

2 S10 OR S12 "^ ■ * ; ■ 

25 S9 AND NETWORK/ T I • /■ — 4 



2 


Search report 


...on investment. The other complaint is that most framework products cion ! t 
provide tools to respond to the alarm . " 

Provision, however, delivers a modular tool set — that is, a set of 
specialized tools that. . . 

...to enterprise management system vendor, Tivoli Systems, points out that 
in order to go beyond monitoring network and system events to 
actually managing performance, analysis:.. -is required. 

"An event correlation engine is used to analyze real-time event data 
in. . .accomplish the correlation of monitored server events. PerfMan, he 
stresses, is not a real-time event monitor . 

"PerfMan provides trend analysis based on data collected 
infrequently from agents or from native operating system performance 
counters. The... 
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Can Intrusion Detection Keep an Eye on Your Network's 
Security? (Technology Information) 

Karve, Anita ' ^ 

Network, NA 

April 1, 1999 • < :; " 

ISSN: 1093-8001 LANGUAGE: English "* - RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 3702 LINE COUNT: 00308* rr 

Can» Intrusion Detection Keep an Eye : onlYour Network's 
Security? (Technology Information) 

eye on network traffic and to know if anything out of the ordinary 
is happening, network security should be supplemented with an Intrusion 
Detection System (IDS) . 

IDS tools act much like a security guard or a sentry . They 
constantly scan network traffic or host audit logs and look for anything 
unusual, which is normally defined as... 

...detection products are crucial to knowing what kind of activity is 
taking place on your network . IDS products can identify attacks based 
on predefined signatures of known methods^' of intrusion. They can also 
identify statistical anomalies... fc "V 

...of products, usually referred to as risk-assessment products, or more 
simply as scanners. While intrusion detection looks for attacks in 
progress, these scanners actually conduct, ethical barrages against your 
network to look for vulnerabilities . ^.( ForVmore on scanners, see "Scanning 
the Network," page 38.) Although... • 

...attacks. Fourth, it should subject the system to a minimal level of 
overhead. Finally, an intrusion -detection system should also be able to 
adapt as a network and its applications and other devices change over 
time . 

Host-based systems got their start before distributed networks 
became commonplace. In the 1980s, typical host-based intrusion detection 

consisted of reviewing audit logs for anomalous activity, which was 
sufficient because attacks on mainframe...^ 

...IDSs. Network-based systems monitor network traffic in real time, which 
leads to faster administration notification and faster response to any 

o ~ ' . 
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WORD COUNT: 4410 LINE COUNT: 00369 

brought the idea of vulnerability scanning into the mainstream-and 
with it the need for intrusion detection . Intrusion -detection 
systems (IDS), content- and URL-filtering servers, network virus 
scanners and vulnerability scanners augment network security by examining 
data that's passed through... , 

...of one security threat. For example, numerous point products have 
appeared to block access to networks , scan for viruses , filter 
unauthorized Internet access via e-mail or HTTP, track network usage and 
scan for vulnerabilities and ongoing attacks. With numerous point products 
to install, manage... 

...security perspective, including applications, policies and 
vulnerabilities. Frameworks also should aggregate data, perform event 
correlation, handle routine events and alert administrators to events 
needing immediate attention. 

Frameworks Evolution Mimics Network Management's Path 
Currently, early ... sources . Reporting, historical analysis and 
automated response all benefit from event correlation. Event correlation 
for network security is no different-rules need to be developed to 
identify security events correctly while ignoring innocuous events. 

The mainstay of any security system is its reporting and... whole. For 
example, Enterprise Security Manager, NetRecon, NetProwler and Intruder 
Alert will share the same vulnerability signature database / also slated 
for the second quarter. Check Point is building on OPSEC, integrating more 
partners ... ' 

...of this year. Initial of ferings 'will cover basic integration between 
diverse products, such as firewalls, network scanners, intrusion - 
detection systems and virus /content * scanners . 

Advanced security options such as event correlation and automated 
response systems are only ... plans . They must be in lockstep. When one 
changes, the other needs to be re-evaluated . 

Web Links 

"Intrusion Detection , Take Two 11 (Network Computing, Nov. 15, 
1999) www.networkcomputing . com/1023/ 1023fl . html 

"Anatomy of a Network Intrusion" (Network Computing, Oct. 18, 1999) 

www. . . 
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Of Neugents and Correlation Engines. (server performance 
management) (Technology Information) 

Toigo, Jon William 

HP Professional, 13, 8, 2S12 

August, 1999 

ISSN: 0896-145X LANGUAGE: English RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 2341 LINE COUNT: 00197 

... offer a solution set for post-Y2K enterprise systems, and 

developments will be made within DB tools , data warehousing, 
application lifecycle management and Internet technologies. 
"We use several of Provision's components... 


, .20 


Search report 


Surveillance And Intrusion Detection ^ 
...servers and workstations in the Solaris (tm) Operating 

Environment (tm) . It incorporates the most comprehensive knowledge base 
for 

detecting insider misuse, policy violations, privilege misuse or 
subversion, 

illegal resource manipulation, and other site policy violations upon 
operating 

systems. This fully packaged solution provides users with: 

a knowledge base of 39 host-oriented misuse-detection methods, 

extensive user ability to configure both the knowledge -base 
and surveillance policy, 

a graphical reporting console, for' managing sensor alerts t 

detailed response directives and human readable countermeasure 
recommendations , 

and real-time and batch data processing. 
When run. . . 

...to the security posture of any Solaris server or workstation. This type 
of 

host-based intrusion detection complements other surveillance methods 
such as ' 

network traffic analysis and provides direct, correlated intrusion 
reports on 

malicious activity occurring within the host, providing global... 

:.. . 

10/3,K/15 (Item 1 from file: 647) 

DIALOG (R) File 647: CMP Computer Full text' 
(c) 2001 CMP. All rts. reserv. 

01208397 CMP ACCESSION NUMBER: NWC20000124S0019 

Hammering Out a Secure Framework - Tying enterprise systems management to 
security management will be crucial as security frameworks evolve. 
Solid solutions should arrive by the end of 2000. 

Mike Fratto 

NETWORK COMPUTING, 2000, n 1101, PG79 
PUBLICATION DATE: 000124 

JOURNAL CODE: NWC LANGUAGE: English"/"'' 

RECORD TYPE: Full text \ ' ' \ " 

SECTION HEADING: Feature 
WORD COUNT: 4096 

brought the idea of vulnerability. scanning into the mainstream- and 
with it the need for intrusion detection . Intrusion - detection 
systems (IDS), content- and URL-filtering servers, network virus 
scanners and vulnerability scanners augment network security by examining 
data that's passed through... 

...of one security threat. For example, numerous point products have 
appeared to block access to networks , scan for viruses , filter 
unauthorized Internet access via e- mail or HTTP, track network usage 
and scan for vulnerabilities and ongoing attacks. With numerous point 
products to install, manage. . . 
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...security perspective, including applications, policies and 
vulnerabilities. Frameworks also should aggregate data, perform event 
correlation, handle routine events and alert administrators to events 
needing immediate attention. 

Frameworks Evolution Mimics Network Managements Path 

Currently, early ... sources . Reporting, historical analysis and 
automated response all benefit from event correlation. Event correlation 
for network security is no different-rules need to be developed to 
identify security events correctly while ignoring innocuous events. 

The mainstay of any security system is its reporting and... whole. 
For example, Enterprise Security Manager, NetRecon, NetProwler and 
Intruder Alert will share the same vulnerability signature database / 
also slated for the second quarter. Check -Point is building on OPSEC, 
integrating more partners... 

...of this year. Initial offerings will cover basic integration between 
diverse products, such as firewalls, network scanners, intrusion - 
detection systems and virus /content scanners. 

Advanced security options such as event correlation and automated 
response systems are only ... plans . They must be in lockstep. When one 
changes, the other needs to be re-evaluated . 

Web Links - 1 / 

"Intrusion Detection , Take Two" (Network Computing, Nov. 15, 
1999) www.networkcomputing . com/1023/1023f 1 . html 

"Anatomy of a Network Intrusion" (NetwSfk* Computing, Oct. 18, 1999) 
www. . . '" 

COMPANY NAMES (DIALOG GENERATED) : Active Security ; Axent Technologies ; 
Check Point Software Technologies ; Computer Associates ; Frameworks 
Evolution Mimics Network Management ; FreeBSD SA ; Gauntlet ; Internet 
Security Systems ; IBM Corp ; JSB Software Technologies ; Microsoft Corp 
; Microsoft . . . 
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More Bark Than Bite - Simplicity? Ye s?° Savings? Probably. What providers 
of managed firewall services won't mention are the problems. 

Joanna Makris . ^ ["^ 

DATA COMMUNICATIONS, 1999, n 2803, PG3|®J a " 
PUBLICATION DATE: 990307 

JOURNAL CODE: DAC LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: Cover Story - Firewall Services 
WORD COUNT: 4535 

... dynamic firewall." The device acts like a proxy firewall but also 

performs such functions as intrusion detection , using analytical 
software that monitors network activity from multiple locations. 
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After coming up to speed on the type of firewall, corporate ... as the 
Netranger and Netsonar tools from Cisco Systems Inc. (San Jose, Calif.). 
These store databases of known vulnerabilities on Unix, NT, and Web 
servers and automatically send alerts to the management system when... 

...providers also furnish raw security logs on request, so that customers 
can get a closer look at events and verify response time. 

When it comes to auditing the network for potential holes, every 
provider but US West comes through. Audits are performed remotely by. . . 

...range from $20,000 to $100,000, depending on the thoroughness. Why the 
additional cost? "Intrusion detection -studies can tell you whether or 
not your network is vulnerable, but it ; takes a lot of work to detail 
what that vulnerability could. . . r '*,V.' 

...changes and hardware failures. Sprint touts the best: firewall 
availability, response time for fixing hardware, handling of network 
changes, notification of critical events, and monthly report delivery 
are all guaranteed. And customers can choose between... up with an 
encrypted e-mail confirmation. 

7. Get the specifics on how the provider handles security alarms 

Find out who's on its internal escalation list-and make sure account 
execs and... checks file and directory integrity by comparing a designated 
set of files and directories to information stored in a previously 
generated database. Differences, including added or deleted entries, are 
flagged and logged. . . 
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FILLING THE GAPS -Vendors are starting to offer wares to ease the 
transition from mainframe to LAN 

Ron Peri 

COMMUNICATIONSWEEK, 1993, n 439 
PUBLICATION DATE: 930201 

JOURNAL CODE: CWK LANGUAGE: English 

RECORD TYPE: Fulltext 

SECTION HEADING: White Papers . y~ 

WORD COUNT: 3707 ' : ^ 

... application modules, each priced, at under $1, 000 per server. The 

products promise to provide network monitoring, applications monitoring 
, asset management, virus protection, protocol analysis , software 
metering, scripting and software distribution. Intel says it intends to 
support SNMP as well... 

...is call management-software that would let a manager easily track 
problem calls to their resolution and provide alerts when a problem 
has remained unresolved for a predetermined amount of time. 

From an applications ... scan tape cartridges. Half-inch tape drives 
from Ampex Corp., Redwood City, Calif., and Metrum Information Storage 
Corp., Denver, are now available with 25-megabyte storage capacity. These 
tape drives use SCSI... 
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Preventing Corporate Network Abuse Gets Personal — Network access abuse 
and proprietary corporate data theft are a recipe for disaster. Survey 
activity in the ranks with an employee monitoring campaign. (Industry 
Trend or Event) 

Dalton, Curtis E. 

Network Magazine, 56 

Feb 1, 2001 

ISSN: 1093-8001 LANGUAGE: English RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 2859 LINE COUNT: 00237 

...ABSTRACT: software tools include those- from Web Sense and 3e6 
Technologies. E-mail should be monitored and filtered if necessary to 
prevent virus attacks • Host-based intrusion detection systems can 
monitor and report on virtually every activity at the host, including user 
keystrokes. Detecting abuse or. . . 

configured to receive them, they can be interpreted and used to 
generate alerts on a monitoring console to notify security or support 
staff. 

Choke points in your network that should be monitored include 
authentication servers, authorization servers, directory servers, database 
servers, file and ... increase your chances for identifying the 
perpetrator (s) . A key component of forensics is data archival and 
handling . For this reason, protect your data storage devices and media 
just as you would your. 

...determine the specifics of how an alert. will be generated and who will 
get the alert . Solutions such as Micromuse 1 s (www. micromuse.com) 
NetCool and E-Security ! s (www.esecurityihc.com... 

...the existence of a corporate-wide virus. 

The ability to react to events on the network is crucial. By 
identifying unauthorized employee activities early on, you reduce the 
impact to your organization. Add real-time monitoring... 

...reached at cdalton@greenwichtech.com. 

Resources 

The author recommends the following books on employee usage 
monitoring and network security : r ■ 

Network Analysis and Troubleshooting, by J. Scott Haugdahl (2000, 
Addison Wesley) 

Network Monitoring Explained: Design and Application... 
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Hammering Out a Secure Framework — Tying enterprise systems management to 
security management will be crucial as security frameworks evolve. Solid 
solutions should arrive by the end of 2000 . (Technology Information) 

Fratto, Mike 

Network Computing, 79* 

Jan 24, 2000 . ' 
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* Security monitor — A security network^ monitor will detect 
problems and provide you with a chance -to + stop an attack before it does 
damage ... 

...though the traffic can be a bit high at times. ISS builds one of the 
network security monitors that was noted above. Note the ".net" vs. 
".com" in the address. 

* http : //www. secnet . . . 
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Taking It to the Next Level re: 

(Leading network management platforms' 'from several companies are evaluated; 

future technology discussed) 
Article Author (s): Ptak, Rich 
Internetwork, v 7, n 12, p 38-44 
December 1996 

DOCUMENT TYPE: Journal; Cross comparison study ISSN: 1079-0373 (United 
States) 

LANGUAGE: English RECORD TYPE: Full text; Abstract 
WORD COUNT: 3355 

(USE FORMAT 7 OR 9 FOR FULLTEXT) 

TEXT: 

...basis for differentiation. 

Fault management is the ability to locate and correct problems in the 
network . This includes automatic events,; ' filtering , event monitoring 
/ event response , alarm setting, arici^thresholds . Fault management 
also examines the volume of events that can be handled. . .between the device 
models to build the internal network model. 

Inductive Modeling Technology maintains a knowledge base of the models 
of all managed devices, including a complete functional, performance and 
relational description. . . 

...to a backup server with some scripting and reconfiguration of servers, 
graph omitted 

* Support for checkpoint restart in the event of network , host or 
client failure. 

HP is the clear leader in third-party "application support. Its ... polling 
and event filtering, and includes integrated- NerveCenter technology for 
event correlation. A lack of checkpoint^ restart and network security 
alarm features lower the product's administration scores. 

Sun keeps pace with other vendors in... 

...is the scalability, not only in terms of managed nodes, but also its 
ability to track data and trigger events , " says Gene Diveglia, vice 
president of information services at Intelligence Network Online. "We 
provide mission-critical support services, and Sun allows us to do that." 
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security filtering / host-and network -level intrusion detection 
tracking and reconnaissance. DefendNet'markets its service through small 

isps . 

* RIPTech Technologies 1 Esentry software has its... 

...firewall and intrusion detection tools; Esentry helps correlate the 
data. The company's operations center analyzes each event from its 
sensors . RIPTech remotely manages the security infrastructure and 
recommends how to respond to events. 

* Counterpane takes... 

...Counterpane, says the company installs the sensors on its customers 1 
sites and then watches and responds to alarms . Counterpane charges 
about $12,000 per month. 

— Kelly Jackson Higgins 

Kelly Jackson Higgins is a... \V- - J : 
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Hammering Out a Secure Framework 

(Tying enterprise systems management to security management will be crucial. 

as security frameworks evolve) 
Article Author(s): Fratto, Mike 
Network Computing, v 11, n 1, p 79-80;82+- 
January 24, 2000 

DOCUMENT TYPE: Journal ISSN: 1046-4468 . (United States) 
LANGUAGE: English RECORD TYPE: Fulltext; Abstract 
WORD COUNT: 3824 ' .. 
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(USE FORMAT 7 OR 9 FOR FULLTEXT) " 
ABSTRACT : 

...security viewpoint, including policies, applications and 
vulnerabilities. Frameworks will also aggregate data, perform event 
correlation, handle routine events and alert administrators to events 
requiring immediate attention. Article describes security frameworks 1 
evolution . ... 

TEXT : 

. . .brought the idea of vulnerability scanning into the mainstream — and with 
it the need for intrusion detection V intrusion -detection systems 

(IDS), content- and URL-filtering servers, network virus scanners and 
vulnerability scanners augment network security by examining data that's 
passed through. . . r 1 * . r ' 

...of one security threat. For example, numerous point products have 
appeared to block access to networks , scan for viruses , filter 
unauthorized Internet access via e-mail or HTTP, track network usage and 
scan for vulnerabilities and ongoing attacks. With numerous point products 
to install, manage... 

...security perspective, including applications, policies and 
vulnerabilities. Frameworks also should aggregate data, perform event 
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to generate meaningful trend analysis, giving a complete view of the 
security. . . 

... have been developed 'in-house 1 , such as for on-line banking. Security 
Advisor enables the security team to monitor the whole network , with 
information fed back in a standard format, giving a holistic overview of 
the security infrastructure. 

About Security Advisor 2.0 

+ Total cross -platform security --monitoring supporting operating 
systems, firewalls, intrusion detection systems, authentication servers and 
other security related functionality 

* Centralises... * — 


...attacks and probes against firewalls and changes to firewall rules 

* Support for site specific operator response to alerts 

* Monitors access to Microsoft Windows NT through Event Viewer API and 
UNIX through system logs... 

. . . common framework for security applications/platforms the alerting and 
reporting capabilities are greatly enhanced. Security Advisor , Advisor 

Technologies 1 flagship software solution enables a security team to 
monitor how well a security policy has been implemented- across .. . 
?show files;ds 
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ISS Unveils Version 5.0 Of Internet Scanner Software 

(Internet Security Systems* Internet Scanner 5.0 now features a range of 
unique security reporting capabilities, performance enhancements, and a 
significant number of new Windows NT and Unix vulnerability checks) 

Newsbytes News Network, p N/A 
February 26, 1998 

DOCUMENT TYPE: Journal ISSN: 0983-1592 (United States) 
LANGUAGE: English RECORD TYPE: Full text 
WORD COUNT: 652 

ABSTRACT : 

...security vulnerabilities to scan a network and identify security holes 
automatically. In addition to identifying security weaknesses quickly, 
Internet Scanner is claimed to respond with detailed, easy-to-understand 
corrective actions and automatic p r i o r i t i 1 zat i on of security risks. Key to 
the package is what officials describe as a dynamic database of security 
vulnerability checks that ISS has built up over several years to give 
users the most reliable means possible of detecting their network 
security holes. Using Internet Scanner , the company claims that 
organizations can quickly and easily generate numerous and varied reports 
— including. . . 


17/3, K/2 (Item 1 from file: 13) 

DIALOG (R) File 13:BAMP 

(c) 2001 Resp. DB Svcs. All rts. reserv. 

01151931 02311210 (USE FORMAT 7 OR 9 FOR FULLTEXT) 

Hammering Out a Secure Framework 

(Tying enterprise systems management to security management will be crucial 

as security frameworks evolve) 
Article Author(s):' Fratto, Mike 
Network Computing, v 11, n 1, p 79-80,82+ 
January 24, 2000 

DOCUMENT TYPE: Journal ISSN: 1046-4468 (United States) 
LANGUAGE: English RECORD TYPE: Fulltext; Abstract 
WORD COUNT: 3824 

(USE FORMAT 7 OR 9 FOR FULLTEXT) 

TEXT: 

...big thing. But that's only after someone spends lots of time writing the 
rule base to correlate events from multiple sources . Reporting, 
historical analysis and automated response all benefit from event 
correlation. Event correlation for network security is no 
different — rules need to be developed to identify security events 
correctly while ignoring innocuous events. 

The mainstay of any security system is its reporting and. . . 
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CyberCop Patrols On Linux 

(Evaluator says Network Associates 1 CyberCop Scanner 2.5 Linux Version has 



as one of its strengths, extensive vulnerability-checks database) 
Article Author(s): Levine, Diane E 
Information Week, p 116 
May 24, 1999 

DOCUMENT TYPE: Journal ISSN: 8750-6874 (United States) 
LANGUAGE: English RECORD TYPE: Fulltext; Abstract 
WORD COUNT: 737 

(USE FORMAT 7 OR 9 FOR FULLTEXT) 

TEXT: 

...first commercially available Linux network scanner. 

CyberCop Scanner 2.5 scans and audits an entire network or individual 
hosts to verify and report on network and system security vulnerabilities 
before they become problems. CyberCop tests for more than 540 
vulnerabilities and provides summaries, detailed reports, and advice. 
Network Associates provides monthly engine, resolution , and 
vulnerability database updates via its AutoUpdate technology. Because 
intrusion attacks sometimes evade network intrusion -detection 
sensors , host monitoring with CyberCop provides information on events 
and system behaviors, compares these against a rules database, and 
identifies possible intrusion attempts. 

Installation of CyberCop requires no special training. A novice security or 
auditing person can... 

...the CyberCop Intrusion Protection Suite 
Strengths 

* Scans and audits entire networks and hosts for system security 
vulnerabilities 

* Extensive vulnerability -checks database 

* Provides possible resolution for vulnerabilities 
Weaknesses 

* Skip Currently Running Module button on the toolbar may not stop all... 
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Safeguarding Data With WORM: Technologies, Processes, Legalities, And 
Standards 

(Article discusses Write-Once-Read-Many (WORM) technology as ideal storage 

solution, according to several firms) 
Article Author (s) : Peebles, Mike 

Computer Technology Review, v XVIII, n 12, p 50,52 
December 1998 

DOCUMENT TYPE: Journal ISSN: 0278-9647 (United States) 
LANGUAGE : English RECORD TYPE: Abstract 

ABSTRACT: 

The article discusses the Write-Once-Read-Many (WORM ) technology as ideal 
storage solution . WORM addresses the needs of many firms perfectly from 
a technological point of view. Yet, unless... 

. . .more questions, they have achieved only the illusion of data security. 
In managing and safeguarding computer -based information, firms worldwide 
must implement the two fundamental requirement for data security, which 
include . . . 
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TELECOMMUNICATIONS NETWORK MANAGEMENT OBSERVATION AND RESPONSE SYSTEM 
SYSTEME D 1 OBSERVATION ET DE REPONSE POUR GESTION DE RESEAU DE 
TELECOMMUNICATIONS 

Patent Applicant/Assignee: 

COHERENT COMMUNICATIONS SYSTEMS CORP, COHERENT COMMUNICATIONS SYSTEMS 
CORP. , 45085 University Drive, Ashburn, VA 20147 , US 
Inventor (s ) : 

HERSHEY Paul C, HERSHEY, Paul, C. , 7523 Belle Grae Drive, Manassas, VA 
22110 , US 

STOLTZFUS Jeffrey L, STOLTZFUS, Jeffrey, L . , 7424 Paxton Roaci, Falls 
Church, VA 22043 , US 
Patent and Priority Information (Country, Number, Date) : 
Patent: WO 9812828 Al 19980326 

Application: WO 97US15531 19970904 (PCT/WO US9715531) 

Priority Application: US 96714865 19960917 
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Publication Language: English 

Filing Language: English 

Fulltext Word Count: 3417 

Fulltext Availability: 
Detailed Description 

Detailed Description 

management protocol software to provide for real time processing of 
the desired information. 

The network probe is programmed to monitor a number of network 
functions and conditions including configurations, faults, performance, 
accounting, and security . Network, cpnf iguration includes such 
parameters as network signaling and VT v lv5 mapping for SONET. Network 
fault . . . 
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INFRARED INTRUSION SENSOR 
CAPTEUR INFRAROUGE ANT I -INTRUSION 

Patent Applicant/Assignee: 

THE COMMONWEALTH OF AUSTRALIA 

LIDDIARD Kevin Charles 

RICE Brian William 

WATSON Rodney James 
Inventor (s): . kr^.y: : \ 

LIDDIARD Kevin Charles ' , - t . 

RICE Brian William . . *:,*'"y 

WATSON Rodney James 
Patent and Priority Information (Country, Number, Date) : 

Patent: WO 9318492 Al 19930916 

Application: WO 93AU93 19930308 (PCT/WO AU9300093) 

Priority Application: AU 921228 19920309 



17 


• •• 

Search , report 


\ 


Designated States: AT AU BB BG BR CA CH CZfDE DK ES FI GB HU JP KP KR LK LU 
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Publication Language: English 

Fulltext Word Count: 5647 

Fulltext Availability: 
Detailed Description 

Detailed Description 

. . . a commercially available personal computer. 

Alternatively, the sensors may be integrated with an existing remote 
surveillance or security sensor system. 

In preference the network control means comprises a computer and 
network controller. The network controller interfaces between the 
plurality of infrared intrusion sensors and a serial port of the 
computer. In this arrangement the computer- may also comprise... 
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DIALOG (R) File 349:PCT Fulltext 
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00303463 

INTELLIGENT SECURITY SYSTEM 
SYSTEMS DE SECURITE INTELLIGENT 

Patent Applicant/Assignee: 

INTERAMERICAN INDUSTRIAL COMPANY 
Inventor (s ) : 

ANDREWS George F 
Patent and Priority Information (Country/ : 'Number, Date) : 

Patent: WO 9213326 Al 19920806 

Application: WO 91US5700 19910809. (PCT/WO US9105700) 

Priority Application: US 91643455 19910118; 
Designated States: AT AU BE CA CH DE DK-;ESf FR GB GR IT LU NL SE 
Publication Language: English K'^/l^ 
Fulltext Word Count: 3418 " 

Fulltext Availability: 
Claims 

Claim 

... throughout the several views of the drawings. 
t~ 

DETAIMD DESCRIPTIM 

A preferred emb od ime nt for the intelligent security system of this 
invention is depicted in block diagram form in the view of Fig. 1. As 
shown in that figure, the system comprises a scanner mans to detect 
the presence of a predetermined object / (not sh own ) and to transmit an 
enc M. . . * ; 
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HANDLING A DEVIL OF A NETWORK PROBLEM 

Network Management Systems & Strategies, v7, n7, pN/A 
April 4, 1995 
ISSN: 1043-1217 

Language: English Record Type: Fulltext 
Document Type: Newsletter; Trade 
Word Count: 588 
TEXT: 

Humans have a genius for making something bad out of something good. A 
classic case is atomic energy. Its potential for helping mankind was 
recognized instantly. But its first major uses were destructive. 

That phenomenon has recently appeared in the computer industry. Many 
information systems managers around the world have just added a tool for 
analyzing the security status of corporate networks. Unfortunately, the 
tool -- in the wrong hands -- can also be used to breach a network 1 s 
defenses . 

The tool is known as "SATAN, " an acronym for Security Administrator 
Tool for Analyzing Networks. Designed to report security weaknesses in a 
networked computer site, the tool can mimic a computer intruder and find 
ways to "break into" highly confidential computer files. Used by ethical 
individuals SATAN can help a company determine how safe its confidential 
files are against intruders. But unethical hackers can use it to infiltrate 
a computer system, find security weaknesses and use or alter confidential 
data for fun, profit or malicious intent. 

According to Robert A. Clyde, a network security expert with AXENT 
Technologies (Rockville, Md. ) , corporations can protect themselves from a 
"malicious security breach." 

Clyde said there are steps that can be taken short-term and long-term 
to protect against unauthorized access to secure information. Since AXENT 
is a network security vendor, its opinions about SATAN should be kept in 
perspective. Nevertheless, he does offer the following common sense 
suggestions : 

* Installing SATAN may not be way to protect information. "In fact, 
that cure may be worse than the disease," Clyde said. Products such as 
SATAN can be damaging in networked environments if installed and used by 
non-security experts. Most security products provide recourse from improper 
use; SATAN does not. 

* It is not necessary to use SATAN in order to protect against it, 
Clyde said. There are other commercially available products on the market 
that can detect the same security vulnerabilities. 

* Ensure that the latest security patches and upgrades to operating 
system are loaded. Implement enhanced access controls on Unix systems to 
limit and restrict network access. 

* Implement an intrusion detection system. Alarms exist for networks 
to warn if someone is violating policy and breaking in. An intrusion 
detection system acts like an automated sprinkler system to detect and stop 
an outsider from breaking in. 

* Know SATAN f s limitations before it is loaded on the network. Though 
SATAN could be a useful tool to discover potential security vulnerabilities 
it is not a complete security solution and running SATAN doesn't 
necessarily mean that data is secured. 

* Do not run SATAN if a network is connected to someone else's system. 
Since SATAN actively "probes" or attacks other systems in the network for 
security vulnerabilities, security administrators may find themselves in 
the awkward position of explaining to the owners of other systems why they 
are attempting to break into those systems. SATAN has no way of knowing 
which specific systems a particular security administrator covers or which 
systems in the network a particular company owns. 

Over the long term, Clyde suggests: developing security policies 
immediately; defining the security policies; tracking adherence to 
established policies; and implementing an automated centrally managed 
solution based on security policies. 

An automated solution, Clyde said, should be capable of running only 
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authorized multiple^JKat forms and network protocols .^^^like SATAN, only 
authorized personnel should have access to tools to look at systems for 
which it was specifically authorized. 

AXENT 1 s main focus is providing enterprise-class information security 
software and professional services for PCs, PC/LANs, Unix workstations and 
servers, mid-range computers, and mainframes. 

Copyright 1995 DataTrends Publications, Inc. 
THIS IS THE FULL TEXT: COPYRIGHT 1995 DataTrends Publications, Inc. 
Subscription: $445 per year as of 1/92. Published biweekly. Contact 
DataTrends Publications, Inc., 30 Catocin Circle, S.E., Suite C 
Leeburg, Virginia 22075. (703) 760-0660. FAX (703) 760-9365. 
COPYRIGHT 1999 Gale Group 
PUBLISHER NAME: DataTrends Publications, Inc. 

INDUSTRY NAMES: BUSN (Any type of business); CMPT (Computers and Office 
Automation) 
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04301787 INSPEC Abstract Number: C9301-6150 J-034 
Title: A rule-based intrusion detection system 
Author(s): Holden, D. 

Author Affiliation: Digitial Equipment Corp., Merrimack, NH, USA 
Journal: IFIP Transactions A (Computer Science and Technology) 
vol.A-15 p. 433-40 

Publication Date: 1992 Country of Publication: Netherlands 
CODEN: ITATEC ISSN: 0926-5473 

Conference Title: IFIP TC11 Eighth International Conference on 

Information Security, IFIP/Sec '92 

Conference Date: 27-29 May 1992 Conference Location: Singapore 
Language: English Document. Type : Conference Paper (PA); Journal Paper 

(JP) 

Treatment: Practical (P) 

Abstract: The nature of the information produced by typical operating 
system audit subsystems makes analysis and interpretation of audit logs 
difficult. Keeping up with the audit stream in real time is infeasible 
unless the process is automated. The author describes an on-going project 
to develop real-time security monitoring and analysis applications that 
performs rule-based analysis of the output of the audit subsystem to 
recognize and respond to security-relevant activity such as system 

intrusion . The prototype application monitors the audit-record stream 
generated at the syscall level and recognizes higher level, 
security-relevant actions. Related actions are identified and grouped into 
sets representing a stream of logically connected events . A rule base 

analyzes the sets of events and generates responses in near 
real-time. The system detects actions which may be attempts to subvert the 
security policy of an installation, and collects auxiliary information 
necessary for making decisions. The monitoring application communicates 
significant activity to system management and can take immediate 
countermeasures . The author describes the architecture and control 
mechanisms being developed and provides an example of the functionality 
recently implemented in a VMS product to detect system intrusions . (5 

Refs) 
Subfile: C 
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03684222 INSPEC Abstract Number: A90104353 
Title: A systematic approach to recurring event/problem determination 

Author(s): Futrell, R.C. 

Author Affiliation: Duke Power Co., Charlotte, NC, USA 

Journal: Transactions of the American Nuclear Society vol.61 p. 
295-6 

Publication Date: 1990 Country of Publication: USA 
CODEN: TANSAO ISSN: 0003-018X 

Conference Title: 1990 Annual Meeting of the American Nuclear Society 
(papers in summary form only received) 

Conference Date: 10-14 June 1990 Conference Location: Nashville, TN, 
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Language: English Document Type: Conference Paper (PA); Journal Paper 
(JP) 
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Abstract: A lot can oe accomplished in the data centre to improve 
availability by dramatically reducing human intervention and error. AWT has 
made significant advances towards full automation by combining a range of 
vendor automation tools with our own expert systems. Using experts in their 
particular fields, a knowledge base has been established to expertly 
respond to system events . As a result we have reduced our costs and our 
problems and opened up new career paths for our operators. Application 
availability has increased and our mainframe and mid-range hardware 
environments are monitored and managed remotely and automatically. Our 
problems are logged and escalated automatically, with support staff being 
beeped without human intervention based on pre-set escalation guidelines. 
The building environments and security will also be monitored 
automatically. We have come a long way. We have come out of the dark, with 
automation lighting the way to improved services and reduced cost. (Author 
abstract) 2 Refs. 
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Networked reproduction apparatus with security feature. 

Document Type: Patent 

Author (Affiliation) : Matias, L.A. 

Patent Assignee (s): Eastman Kodak Co. 

Patent Number(s): US 5528374 

Publication Language (s): English 

Source: Jun 18, 1996 

An electronic/copier printer apparatus includes a scanner for 
scanning original documents representing a copy from a first source of 
image information and printer input means for receiving electrical 
signals representing electronic information of a production job from a 
second source of information. A marking engine prints production jobs. 
The marking engine means includes means for communicating with the 
scanner and the printer input means. A memory forms a part of the 
marking engine and stores electrical signals representing production 
jobs from the first and second sources. The marketing engine includes a 
security mode wherein in response to a loss of communication with 
one of the scanner and the printer input means while communication 
remains with the other there is selectively prevented production of 
production jobs stored in said memory means and derived from the one to 
which communication is lost while selectively printing production jobs 
from the other to which communication remains. A network is also 
described wherein one or more input devices is coupled to one or more 
marking engines and a similar security mode is provided. That is, loss 
of communication between a marking engine and a front end device 
precludes printing of information already stored in the marking 
engine and derived from the source to which communication is lost. 
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What you need to know about NAS 

Williams, Tim; Smith, Sue 

Storage Management Solutions , November 1, 1999 , v4 n5 p22-24, 3 
Page (s) 

ISSN: 1097-5152 

Discusses factors driving end user demand for network attached storage 
(NAS) and for a new generation of storage appliances. Describes the cost 
benefit to information technology (IT), the administrative convenience, and 
network -based UNIX and Microsoft NT integration. Claims that new NAS 



appliances will handle file security and integrity, the semantics of 
UNIX and NT file systems, and various file attributes. Adds that NAS 
appliances must be able to support various file locking requirements. Notes 
that security features are crucial and the devices must unify UNIX and NT 

security semantics by managing identifiers , access rights, and 
descriptors. Expl ains that the ability to store UNIX and NT data on a 
single device is supported by SMB/CIFS protocols for NT and NSF for UNIX. 
Includes one photo, (amg) 
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Life after IDS — You spent months evaluating, testing, purchasing and 
deploying your intrusion detection system. Now the fun really begins 

Schneider, Sondra; Schetina, Erik; Stahl, Donald; Maes, Vincent 
Information Security , September 1, 1999 , v2 n9 pl8-25, 28-29, 8 
Page (s) 

ISSN: 1096-8903 

Presents a special section on intrusion detection , including the 
article ^Life After IDS 1 1 (pl8-25) by Sondra Schneider et al. which 
indicates the need to have resources that can customize, monitor, react to, 
and make corrections to intrusion detection systems (IDSs) . Notes that 
the basic types of IDS sensors are network -based, which act like super 
sniffers, and host-based, which depend on the OS's logs to detect events 
States that to monitor one's systems effectively, one needs to prepare 
in the areas of IDS monitoring and response , incident handling , 
forensic analysis and data retention, and reporting. Also includes " x How I 
Chose an IDS 1 1 (p28-29) by Vincent Maes, which chronicles the steps the 
author took in choosing Re a L S ecu re from_ISS , which offers the most attach 
signatures, provides a strong R&D support base, and maintains a searchable 
database of vulnerabilities . Includes two photos, two tables, two ' 
sidebars, one screen display, and a list of related products, (jon) 
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Intel revamps LDMS management suite 

Musich, Paula 

PC WEEK , October 20, 1997 , vl4 n44 pi, 18, 2 Page(s) 

ISSN: 0740-1604 

Company Name: Intel Corp. 

Product Name: LANDesk Management Suite 6.0 

Announces the availability of LANDesk Management Suite 6.0 ($NA) , a 
systems management software package from Intel Corp. of Santa Clara, CA. 
Says it uses Windows NT as the foundation for its core management server 
and provides users with the option of using any Open Database Connectivity 
(ODBC) -compliant database to store inventory and management data. Adds that 
it manages both 16- and 32-bit desktops and handles software distribution, 
metering, and inventory as well as diagnostics, remote control, 
server-based event handling / server monitoring , and integrated 

reporting. Also says it supports a mixed environment of NetWare, Window NT, 
Mac OS, and OS/2 servers and clients. Includes a chart, (dpm) 
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networks . It supports Windows and Windows 95 and provides on-screen 
event notification. The price is $65. 

MERGENT INTERNATIONAL PC/DACS AND DOMAIN/ DACS FOR DOS AND ... SOFTWARE 
METZ LOCK * 

Metz Lock is access control software for LAN Manager and Windows NT 
networks . It supports Windows and provides on-screen event 
notification. The price is $39. .'■ 

MILKYWAY NETWORKS BLACK HOLE . ^ 

Black Hole is access control, encryption, and firewall software. It 
supports Unix and. . . 

. . . OCTOPUS 1 . 6 

Octopus 1.6 is server and disaster recovery software for Windows NT 
networks . It supports Windows NT and provides on-screen event 
notification. The price is $999. 

ONTRACK DATA RECOVERY ONTRACK NETSHIELD 

Ontrack NetShield is antivirus hardware for NetWare 3.x and NetWare 
4.x networks . It supports DOS, Windows, and OS/2 and provides on-screen 
and fax event notification. 

PARALON PATHKEY AND PATHKEY/ DOMAIN 'SERIES 

The PathKey and PathKey/Domain Series is access... 

...access control, and encryption software" for NetWare 3.x, NetWare 4.x, 
and Windows NT networks . It supports DOS, Windows, and Windows NT and 
provides on-screen event notification;,,. The price is $149.95. 
PLATINUM TECHNOLOGY PLATINUM AUTOS E t URE 

Platinum AutoSecure is security management software for HP-UX, AIX, 
Solaris, and SunOS networks . It supports Motif and provides on-screen 
event notification. Prices start at $50 for client components and $1,000 
for server components. 

PREFERRED. . . 

. . . SAFEDIAL 

SafeDial is encryption hardware for NetWare 3.x, NetWare 4.x, and 
Windows NT networks . It supports Windows and Windows NT and provides on- 
screen event notification. The price is $995. 

RAPTOR SYSTEMS EAGLE LAN , EAGLE REMOTE, AND EAGLE 3.X 

Eagle LAN, Eagle Remote, and Eagle 3, x are... 
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Moving on to the Net? Think about your route, (approaches for creating 
firewalls) (includes related articles on Unix systems security, glossary 
of firewall terms, security product listing) (Technology Information) 

Gilliland, Steve 

Data Based Advisor, vl4, n5, p60(6) 
May, 1996 

ISSN: 0740-5200 LANGUAGE: English RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 4074 LINE COUNT: 00336 ... 

615-9911, (404)843-9111 Fax. ' ( 404 )^843-9700 http://www.tlogic.com 
Kane Security Analyst for Novell . and; NT Intrusion Detection , 
Inc. New York New York 10028 800-408-6i.04, (212) 360-6104 Fax: (212) 427... 

...Security Tools, then on System Moni.tpring . Merlin is listed here. 

* The Carnegie Mellon Computer Emergency Response Team (CERT) issues 



27 


Search report 


advisories that described security holes in popular products and systems, 
prescribes patches, and offers a set . . . to ;> block or filter some or all of 
the traffic trying to pass between the networks • 

Intrusion detection : Detection*; -of ■ break-ins or break-in attempts 
either manually, or via software expert .systems that... 
...be caused to perform unauthorized activity, resulting in a security 
breach. , 

Logging: The process of storing ^information about events that 
occurred on the firewall or network. "WzKie 

Log retention: How long audit logs... 
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Network management. (Annual Buyers 1 Guide) (Buyers Guide) 

LAN Magazine, v9, nil, pl85(45) 

Oct 15, 1994 . • 

DOCUMENT TYPE: Buyers Guide ISSNr' 0898-0012 LANGUAGE: ENGLISH 

RECORD TYPE: FULLTEXT; ABSTRACT ~ 

WORD COUNT: 17405 LINE COUNT: " 0l525 v " 

... Manager, LAN Server, VINES, WihelMi NT^ ' and NFS. Call-tracking, 

problem-resolution, and third-party' knowledge -base features are 
supported. Pricing starts at $50,000 for a 10-user server system. 
ANSWERSET. . . 

. . . clients . Call-tracking, trouble-ticketing, problem- routing, inventory 
management, suggested-solutions , reporting, historical-log, and knowledge 
-base features are supported. Prices start at $995. 

AUTOMATED PROGRAMMING TECHNOLOGIES APT MIRROR IMAGE 

APT Mirror. . . 

. . .ticketing, problem-routing, inventory ; \management, suggested-solutions, 
reporting, historical-log, problem- resolution trees, and optional 
knowledge -base features are supported?^*" 

BLUE LANCE LT HELPDESK . " ^ . 

LT HelpDesk runs on NetWare 3.x S £or... 

...platforms for DOS and Windows cliehfes^feali-trackirig, trouble-ticketing, 
problem-routing, inventory management,' ^suggested-solutions , reporting, 
historical-log, automatic-notification , automaticescalation, and 
service-level agreement features are supported. The price is $16,500 for a 
. . .Utilities for Networks — LAN Directory provides details about the 
hardware and software on LANs and stores detailed information on all 
network components. Computer managers can track PCs and Macs, including 
standalone machines, file. . .hubs/repeaters, bridges/switches, and touters 
on NetWare 3.x, LAN Manager, and LAN Server networks . It has a Windows 
interface and supports SNMP. On-screen event -notification and 
topology-mapping, traffic-monitoring, protocol-analysis, configuration, 
fault management, and usage-monitoring functions ... an X Window interface 
and supports SNMP and RMON . On-screen;H e-mail, and pager event 
-notification, and traffic monitoring *y " protocol-anaylsis , configuration, 
fault management, usage-monitoring, accounting, automatic network 
-baselining, and global network-applications functions are provided. RMON 
base manager software costs $4 , 000 . . . Topology-mapping, traffic monitoring, 
protocol-analysis, configuration, faulty management, and usage-monitoring 
function, and on-screen and pager event"' -notification are provided. 
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an enhancement to the SNMP standard defined by the Internet Engineering 
Task Force ... 

...Hermes. This product will initially V&'n'ciude hardware and software 
inventory tracking, automated software '"(ifstribution including virus 
detection , remote control, and troubleshooting, and management of 
networked applications. While both the Norton Administrator for Networks 
and Hermes will support DMI, the Microsoft. . .PCs, including Macintosh), 
client PC monitoring, server monitoring, network monitoring, application 
metering, electronic software distribution, network mapping, alert 
notification, printer and queue management, virus detection , storage 
management, asset management, and automatic task scheduling. 
Technology overview 

Irrespective of the specific network. . .desktop management function 
with application monitor and a comprehensive server monitor module with 
very good alert -handling features. , i: \ 

LANDesk Manager comes with impressive documentation and an excellent 
user interface. The Control Panel... \ : - 

...LANLord and Saber LAN Workstation are ^excellent for workstation 
management. LANLord excels in workstatio^vtrap (alarm ) handling and 
management, large network support and multiple NOS support. But LANLord 
lacks server management capability. . . 

...and Frye Utilities for Networks provide the best threshold setting and 
alarm features. Frye's alarm notification and response option is the 
most flexible. 

XTree Tools for Networks, VisiNet and LANLord receive low management 


...options and excellent management applications and functions. 
Particularly strong are the threshold- set-up and alarm notification and 

response . But it lacks Windows support^and network monitoring/protocol 
analysis support, and there is limitedv;f .- \f 

...and workstation management options and report generation and output are 
limited, and there is no alert notification and response capability. 

However, it does have a protocol **alecbde feature, superior auto 
discovery and topology mapping. 

...affected BindView NCS 1 s error handling score. 

All the management products performed well in the event tracking 
evaluation . Alerts and configuration changes were correctly identified by 
all the programs . 

Ease of learning 

All .. .management function with an application monitor, and an 
effective server monitor module with very good alert -handling features. 
The Control Panel in LANDesk Manager's user interface is amongst the best 
of .. .installing new applications, installation and distribution of 
operating system software, and software ;upgfades on a network . 

VIRUS PROTECTION V* \ ; 5 -. . 

A virus scan /protect program enables centrally managed virus 
protection for network file servers and ^client workstations (DOS, 
Windows, Mac, OS/2 etc.). Virus protection* should be... 

...define the methods of collecting and exchanging management information. 
Other specification modules include the Management Information Base 
(MIB) and Directory Services. 

In an attempt to define a network management standard, the Internet 
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OneView runs on DOS and Unix with "a 1 graphical interface. SNMP is 
supported. It provides a hierarchical network map, on-screen event 
-notification, and a MIB compiler. Approximately 60 third-party 
applications are available. Prices start at... 

. . .6000 v Vv ; 

CMS 6000 runs on Unix with an X Window interface. It offers a 
hierarchical network map, on-screen event -notification, and a MIB 
compiler. It supports SNMP and RMON, and it costs $15,000... 

. . .AMERICA SNMPC 

SNMPc runs on Windows and supports SNMP and RMON. It provides a 
hierarchical network map, on-screen event -notification, and a MIB 
compiler. Ten third-party applications are available. It costs $4,649... 
. . . NMS 

Direct Route NMS runs on Windows and supports SNMP management. It 
provides a hierarchical network map, Microsoft SQL Server relational 
database, on-screen event -notification, " and a MIB compiler. It sells 
for $499. 1 " 

THOMAS-CONRAD SECTRA FOR WINDOWS - "■ 

Sectra for Windows supports SNMP 'management protocols. It provides a 
hierarchical network map, on-screen ^eveht -notification, and a MIB 
compiler. It is priced at under $1,500;-/ 

TRELLIS NETWORK SERVICES... 

. . .and supports SNMP and NMVT. It provides a gateway to IBM NetView 
functions and on-screen event -notification. 
CIRCUIT MASTERS STAYUP 

StayUp supports NetWare networks . It automatically maintains 
network connections. When the connection to the file server is lost, StayUp 



...NetBIOS, NetWare 3.x and 4.x, LAN Manager, LAN Server, VINES, and 
Windows NT networks . It has a Windows J±nt erf ace . Batch processing 
functions and on-screen and e-mail event /notification are provided. It 
costs $1,495 per batch processor. . / / 

PROTOCOL ANALYZERS *' 

AG GROUP ETHERPEEK... ; /' 1: " '" 
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Network management systems, (introduction to network management market and 

requirements and review of nine network management tools) (Software 

Review) (PC User NSTL Lab Test) (Evaluation) 

PC User, n234, p90(15) ■ ■ 

May 4, 1994 

DOCUMENT TYPE: Evaluation I S SN : ^ 0-2 63-5720 LANGUAGE: ENGLISH 

RECORD TYPE: FULLTEXT; ABSTRACT " _ . 

WORD COUNT: 7497 LINE COUNT: 00656 >r / . 

management function with an application monitor, and an effective 
server monitor module with very good alert -handling features. The 
Control Panel in LANDesk Manager's user interface is amongst the best of... 
main management standards (SNMP and CMIP) or defining new management 
extensions . 

The remote monitoring management information base (RMON MIB) — 
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...it also archives data to permit trend-'analysis.. 
RMON MIB ' si-fiB? * 

The Remote Network Monitoring Management Information Base (RMON 
MIB) defines network monitoring functions with more rigorous fault 
diagnosis, performance tuning and comprehensive... 
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DOCUMENT TYPE: Product Announcement * ^ISSN: 0898-0012 LANGUAGE: 

ENGLISH RECORD TYPE: FULLTEXT; ABSTRACT 

WORD COUNT: 484 LINE COUNT: 00040%'vV* 

...ABSTRACT: as IBM 's NetView/6000 and HP's OpenView; it combines 
real-time inventory updating, incidents tracking and performance 
analysis . Paradigm uses trouble tickets to monitor network 
problem-solving projects. If a network device fails, Paradigm issues a 
report, tracks the progress of diagnosis and repairs and informs affected 
users when the problem is solved . Paradigm stores devices ' performance 
histories in cross-referenced tables. Remedy's Health Profiler features 
libraries of vendor... 

... IBM's NetView/6000 platforms. This trouble-ticketing application 

integrates real-time inventory updates, ^-performance analysis , and 
incidents tracking . Like Remedy's Action Request System, Paradigm uses 
trouble tickets to track the workflow of... 

. . .problems- from a report by a device or* a; user; through analysis and 
repair, to resolution , including notification of the affected users. 
Its architecture enables network managers; v to automate network management 
tasks , says ... ^ 
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launches integrated solution for security infrastructure; Centralised 
monitoring of security systems enablesyrnqre reliable detection of threats 

(c... ; ;; ^ - 

... administrators. 

Security Advisor monitors security applications around the clock, 
storing event logs in a central repository . Log information can be used 
to generate meaningful trend analysis, giving a complete view of the 
securitysuch as for on-line banking. Security Advisor enables the 
security team to monitor the whole network / with information fed back 
in a standard format, giving a holistic overview of the security 
infrastructure . 

About Security Advisor 2.0 

* Total cross -platform security . monitoring supporting 
operating systems, firewalls, intrusion; : detection systems, authentication 
servers and other security related - functionality 

* Centralises ... attacks and probes against firewalls and changes to 
firewall rules 

* Support for site specific operator response to alerts 

* Monitors access to Microsoft ^Windows' NT through Event Viewer API 
and UNIX through system logs... 

...common framework for security applications/platforms the alerting and 
reporting capabilities are greatly enhanced. Security Advisor , Advisor 
Technologies 1 flagship software solution enables a security team to 
monitor how well a security policy has been implemented across... 
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TEXT: 

... commercial products obtained from information security vendors. 

These products perform security incident responses, penetration testing, 
network threat identification, assessment, intrusion detection and 
analysis . "It is possible to protect information systems and associated 
business assets. To do so requires ... and the cost involved. This process 
has been refined and relates to Para-Prqtects extensive database of 
identified vulnerabilities / which 'have been built up with experience and 
can change almost hourly. Product companies are . 

...and altered Lloyd's Web site, which^momentarily disappeared from the 
Internet. The appropriate incident response team in London was notified 

When Lloyd's restored the original Web page, it soon became obvious 
that not ...sized businesses with an Internet security solution that 
contains a firewall, operations monitoring and incident response . Other 
packages include Para-Alarm / a 24-hour, seven-day-a-week firewall 
monitoring service that detects and reacts to. . . 
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Tertiary Functions: 
Modeling and Simulation 

infrastructure Design. 
Storage/ Backup 


Search^, report 


Simulation packages and 
modeling software 
Advanced cable. . . 



* Backup/ restoration 

software 


Baseline Security 


Tape storage 
Tape management 
system 

Application-specific 
control 

Virus -detection software 


Secondary Functions: 
End User Device 
Management 


Performance Monitoring 


* Education/ 
documentation 

* Network Operating 

* System utilities 

* Spare parts 

* Diagnostic software 
utilities 

* Performance monitoring 
software 

Inventory * Inventory ... specif ic and third-party 

diagnostic utilities (such as Symantec's Norton Utilities) can provide 
diagnostic information on the storage media, file structure and system 
file corruption. * Performance Monitoring' -and Inventory: Performance 
monitoring includes probing... . 

...and accesses, storage space, CPU utilization) and the use of central 
applications (such as a database ) . The information can be used to 
increase the LAN efficiency and pinpoint ^potential problems - such as disk 

...levels and to identify areas of improvement. Auditing involves 
evaluating the entire scope of the LAN and includes response time tests, 
analyzing security breaches, facility checks and usage monitoring. An 
audit should result in plans and procedures that improve the LAN. . . 
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Security Advisor monitors security applications around the clock, 
storing event logs in a central repository . Log information can be used 
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English Abstract . 

A method and system (500) for receiving data packet (505) in a virtual 
local area network (525) . 

French Abstract 

L 1 invention concerne des procedes et un appareil comprenant des produits 
de programme informatique qui mettent en oeuvre et utilisent des 
techniques permettant de traiter un paquet de donnees dans un dispositif 
d'acheminement de paquets . Ledit dispositif recoit un paquet de donnees. 
Un processeur determine une destination de reseau local virtuel pour le 
paquet de donnees recu et identifie un ensemble de regies associe a cette 
destination, ces regies etant appliquees audit paquet de donnees. 
Lorsqu'on determine une destination de reseau local virtuel pour le 
paquet de donnees recu, ce paquet de donnees est emis en sortie vers 
ladite destination a l f aide du resultat de 1 1 application des regies. 
Lorsqu 1 aucune destination n'a ete determinee, le paquet de donnees est 
elimine. L 1 invention concerne egalement un systeme de securite permettant 
de separer des ressources de systeme de securite en une pluralite de 
domaines de securite separes pouvant etre configures de facon a appliquer 
au moins une politique et a affecter des ressources de systeme de 
securite a au moins un domaine de securite. 
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Detailed Description 

can include a user interface for viewing and modifying a set of 
policies relating to a specific subsystem . The security system 
resources can include authentication services. The security system 
resources can include virtual private network (VPN) services. The 
security system resources can include traffic management services. The 
security system resources can include... 
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Claims 
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English Abstract 

A security subsystem is provided with at least a first security engine 
(106), a first set of registers (602, 604-608) and a control portion to 
perform a first security operation for each of a first number of data 
blocks of each of a first number of data segments of a first data object 
(116) . In one embodiment, the security subsystem is provided with two 
security engines (106) and two sets of registers to respectively perform 
the first security operation and a second security operation for the 
first data object and a similarly constituted second data object (116) . 
In one embodiment, the first and second security operations are DES 
(122a) and hashing operations. In one embodiment, the multi-method 
security subsystem is embodied in a multi-service system-on-chip. 

French Abstract 

La presente invention concerne un sous-systeme de securite muni d'au 
moins un premier moteur de securite, un premier ensemble de registres et 
une partie de commande pour effectuer une premiere operation de securite 
pour chacun d'un premier nombre de blocs de donnees d ! un premier nombre 
de segments de donnees d'un premier objet de donnees. Dans un mode de 
realisation, le sous-systeme de securite est equipe de deux moteurs de 
securite et de deux ensembles de registres en vue d ! effectuer 
respectivement la premiere operation de securite et une deuxieme 
operation de securite pour le premier objet de donnees et un deuxieme 
objet de donnees de structure similaire. Dans un mode de realisation, les 
premier et deuxieme operations de securite sont des operations de norme 
de chiffrement de donnees et de hachage. Dans un mode de realisation, le 
sous-systeme de securite a procedes multiples se presente sous la forme 
d'un systeme a services multiples realise sur puce. FIG. 1 : 102 
PROCESSEUR DE COMMANDE 112 CACHE-I 114 CACHE-D 104 MEMOIRE 116 OBJETS DE 
DONNEES 118 DESCRIPTEURS 106 SOUS-SYSTEMES DE SECURITE 120 ACCES DIRECT 
MEMOIRE INTELLIGENT 122 MOTEURS DE SECURITE 108 AUTRE S SOUS-SYSTEMES * 
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Detailed Description 

wherein a block diagram illustrating an 
overview of a SOC 100 including control processor 102, memory 104, 
security subsystem 106 incorporated with the teachings of the present 
invention, and 


other subsystems 108, in accordance with one embodiment, lB^ snown ' As 

illustrated, for the embodiment, control processor 102, memory 104, 
security subsystem 106 and other subsystems 108 are coupled to each 
other via on 

chip bus II 0, and communicate with each other in accordance with a 
predetermined bus protocol. In one embodiment, the on-chip bus... ■ 

.security subsystem 106 includes intelligent DIVTA 120 of the present 
invention . 

Resultantly, unless so desired, upon requested, security subsystem 

106 may 
4 

service a security need of one of subsystems 108 substantially without 
further interactions with control processor 102 and the requesting 
subsystem 108, thereby improving the overall operational efficiency of 
SOC 100. 

The terms "security service" and "security operation" are used 
interchangeably in the present application, depending on. . . 
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Claims 
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English Abstract 

A method and apparatus for verifying the integrity of devices on a target 
network (100) having two components: a subsystem (50) connected to the 
target network (100), and a master system (60), isolated therefrom by a 
secure lin (52). The topological and hierarchical relationship of the 
devices to each other improves stability of the apparatus. Random testing 


of the subsystem (50) by the master system (60) provide verification and 
independent self-checking. 

French Abstract 

La presente invention concerne un procede et un appareil de verification 
de l ! integrite de dispositifs sur un reseau cible (100) possedant deux 
composants : un sous-systeme (50) connecte au reseau cible (100) et un 
systeme principal (60), isole par une liaison sure (52). La relation 
topologique et hierarchique desdits dispositifs les uns par rapport aux 
autres ameliore la stabilite de 1' appareil. Le test aleatoire du 
sous-systeme (50) par le systeme principal (60) permet la verification et 
1 1 auto-controle independant. 
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Detailed Description 

... is provided a network security system to prevent intrusion on a target 
network having at least one security subsystem local to the target 
network provided to monitor network traffic an to detect attacks by an 
intruder on the system. The subsystem is connected via a secure link to 
a master system that is not otherwise connected to the target 
system. The master system monitors the subsystem via the secure 
link and registers information pertaining to the status of the subsystem. 
If the subsystem detects an attack on the target network, or does not 
respond to the master system , the master system will take 
appropriate action, ranging from logging the incident or notifying 1 a 
network manager to attempting to... outside the target network I 00, 
security on the network could be compromised. 

In the present invention, security subsystem 50 is connected to 

network 

backbone 12 and linked to each of the network's devices by a secure link 


...such as Secure 
7 

SUBSTITUTE SHEET (RULE 26) 

Sockets Layer (SSL). This ensures that communication between the 
security subsystem 50 and the other components of the target network 
cannot be intercepted by an intruder. A similar secure link 54 is 
established as a virtual private network (VPN) tunnel between the 
security subsystem 50 and a master system 60 connected to a 
remote network 110. Although the remote network is shown having its own 
firewalls . . . 

...router 68, the ultimate configuration of remote network I 10 is not 

critical beyond secure link 54 connecting security subsystem 50 and 
master system 60. However, secure links 55 may be established between 
a device such as a network scanner 63... 

...between the two networks cannot be intercepted by an intruder. 

Therefore, there should be no other direct connection between target 
network I 00 and remote network I 10 except over a secure link. 

Preferably, the... 

...to the present embodiment wherein, even if completely subverted during 


an attack on target system I 00, security subsystem 5 0 would not 
result in a takeover of master system 60. The benefit of this 
configuration is that the master system would still be able to carry 
out its function. For example, if master system . 60 is configured .to 
sound an alarm when security subsystem 50 no longer responds to it, 
there would be no way, in this embodiment, for intruders on target 
network 100 to remotely shut down master system 60 because the 
master system will not respond to any instructions issued from a 
subordinate system. Although master system 60 may lose control of the 
target network, it is not in danger of being taken over by it. 
Additionally, if the link 54 between master system 60 and security 
subsystem 50 is severed or compromised, instructions may be routable 
instead through secure links 55. 

9 

SUBSTITUTE SHEET. . . 
Claim 

1 A security system for a computer connected to a network of computers 
comprising: at least one security subsystem associated with said 
computer, said subsystem 

configured to detect attacks on said computer; 

and a secure link between said security subsystem and a master 
system enabling data 
communication therebetween; wherein 

said master system monitors said security subsystem through said 
secure link and registers information pertaining to attacks detected by 
said security subsystem - 

2 The security system of Claim I further comprising a pseudo attack 
generator associated with said master system for generating. . . 
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English Abstract 

Methods of and systems for illuminating objects using planar laser 
illumination beams having substantially planar spatial distribution 
characteristics that extend through the field of view (FOV) of image 
formation and detection modules employed in such systems . Each planar 


laser illumination beam is produced from a planar laser illumination beam 
array (PLIA) comprising a plurality of planar laser illumination modules 
(PLIMs) . Each PLIM comprises a visible laser diode (VLD) , a focusing 
lens, and a cylindrical optical element arranged therewith. The 
individual planar laser illumination beam components produced from each 
PLIM are optically combined to produce a composite substantially planar 
illumination beam having substantially uniform power density 
characteristics over the entire spatial extend thereof and thus the 
working range of the system. Preferably, each planar laser illumination 
beam component is focused so that the minimum beam width thereof occurs 
at a point or plane which is the farthest or maximum object distance at 
which the system is designed to acquire images. 

French Abstract 

La presente invention concerne des procedes et systemes d 1 illumination 
d'objets au moyen de faisceaux d 1 illumination laser planaire presentant 
des caracteristiques de distribution spatiale sensiblement planaire qui 
couvrent le champ d 1 observation de formation d' image et de modules de 
detection employes dans de tels systemes. Chaque faisceau d 1 illumination 
laser planaire est produit a partir d'une matrice de faisceaux 
d 1 illumination laser planaire (PLIA) comprenant une pluralite de modules 
PLIM d ! illumination par faisceau laser, Chaque PLIM est constitue d f une 
diode laser visible (VLD), d'une lentille de f ocalisation, et d'un 
element optique cylindrique monte en consequence. Chacun des composants 
du faisceau d ' illumination laser planaire produit a partir de chacun des 
PLIM est soumis a une combinaison optique de facon a produire un faisceau 
d 1 illumination laser composite sensiblement planaire aux caracteristiques 
de densite de puissance sensiblement uniformes sur la totalite de son 
etendue spatiale, et done sur la plage operationnelle du systeme. De 
preference, chaque composant du faisceau d 1 illumination laser planaire 
est focalise de facon a n 1 avoir qu 1 un minimum de largeur du faisceau au 
point ou sur le plan qui est a la plus grande distance de l'objet a 
laquelle le systeme est concu pour 1 1 acquisition d 1 images, ce qui 
compense la perte de densite de puissance du faisceau incident 
d ' illumination laser planaire en raison du fait que la largeur du 
faisceau d ! illumination laser planaire augmente en longueur de facon a 
augmenter la distance par rapport a 1' optique d'imagerie. Grace a la 
presente invention, il est maintenant possible d'utiliser des detecteurs 
image de type VLD et a cellule CCD grande vitesse dans des applications a 
bande transporteuse, douchette ou sous-table, tout en tirant profit des 
avantages que procure une telle technologie, tout en evitant les 
inconvenients qui s ! y rattachaient jusqu'alors. 
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Claim 

that the numerous time-varying speckle-noise patterns can be 
temporally and spatially averaged during the photo- integration time 
period thereof, thereby reducing the RMS power of speckle-noise patterns 
observed at the image detection ... length of the VLD), and temporally and 
spatially averaged at the image detection array during the photo- 
integration time period thereof, thereby reducing the RMS 
power of speckle-noise patterns observed at the image detection ... image 
detection array, thereby allowing the numerous speckle-noise patterns to 
be temporally averaged over the photo- integration time period and 
spatially averaged over the image detection element 

and the RMS power of the observable ... varying speckle-noise patterns are 
temporally and spatially averaged at the image detection array during the 


photo- integration time period thereof, thereby reducing the RMS power 
of speckle-noise patterns 

observed at the image detection ... Subsystem during the photo-integration 
time period thereof, which are temporally and spatially averaged during 
the photo- integration time period of the image detection array, thereby 
reducing the RMS power 

level of speckle-noise patterns ... to be produced at the 

vertically-elongated image detection elements of the IFD Subsystem during 
the photo- integration time period thereof, which are temporally and 
spatially averaged during the photointegration time period of the image 
...lens, a variable focal distance and fixed field of view is arranged on 
an optical bench, mounted within a compact module housing, and 
responsive to focus control signals generated by the camera control 
computer of . . .dual-VLD PLIA and a linear CCD image detection array having 
vertically-elongated image detection elements configured within an 
optical assembly which provides a despeckling mechanism that operates in 
accordance with the first generalized method. .. generalized method of 
speckle-pattern noise reduction illustrated in Figs. MA through MD, and 
which also has integrated with its housing, (2) a LCD display panel for 
displaying images captured by said engine and inf ormation . . . a fixed focal 
length/variable focal distance image formation optics, (ii) an IR-based 
object detection subsystem within its hand-supportable housing for 
automatically activating in response to the detection of an object in its 
...of symbol character data to a host computer system in response to 
decoding a bar code symbol within a captured image frame, and (iv) "a 
LCD display panel and a data entry keypad for supporting ... first 
illustrative embodiment of the airport security method of the present 
invention carried out using the 
airport security system shown in Fig. 68A; 

Fig. 69A is a schematic block system diagram of a second illustrative... 
ensuring that these two conditions are satisfied to the best degree 
possible (at the planar laser illumination subsystem and the camera 
subsystem ) will ensure optimal reduction in speckle-noise patterns 
observed at the image detector of the PLIIM-based. . . will factor into the 
specification of the spatial phase modulation function (SPMF) of this 
speckle-noise reduction subsystem design. In general, if the system 
requires an increase in reduction in the RMS power of speckle ... numerous 
substantially different time-varying speckle-noise patterns at the image 
detection array (of the accompanying IFD subsystem ) during the 
photo-integration time period thereof. These time-varying speckle-noise 
patterns are temporally and possibly ... of substantially different 
time-varying speckle-noise patterns generated at the image detection 
array during each photo- integration time period thereof: (i) the 
spatial period of the spatial phase modulating elements arranged on the 
surface ... 
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English Abstract 

A probe (2000) monitors sensors attached to the network for evidence of 
unauthorized intrusions. Such sensors include: firewalls and intrusion 
detection systems (1010), commercial sensors and agents (1020), decoys 
and honeypots (1030), and custom sensors and agents (1040). Noteworthy 
data indicating an unauthorized intrusion are formatted by the probe 
(2000) into messages which are sent to pipes (3000) to gateway system 
(4000) via internal network (5000), and then to the SOC (6000). The 
operation of SOC (6000) can be controlled by operating procedures (6030) . 
Such operating procedures can include, for example, which customer 
contacts should be notified about what type of events and how to respond 
to certain types of attacks. The SOC (6000) can generate reports (6040) 
based on the activity of the network. All suspicious activity of the 
network, alert (6050) the security analyst (6010), and those suspicious 
events are stored in the database (6020) . 

French Abstract 

Une sonde (2000) surveille des detecteurs relies au reseau qui signalent 
des intrusions non autorisees. Lesdits detecteurs comprennent des 
cloisons et des systemes de detection d f intrusions (1010), des detecteurs 
et des agents du commerce (1020), des leurres et des encodeurs 
(honeypots) (1030), des detecteurs et agents sur mesure (1040). Les 
donnees d'interet indiquant une intrusion non autorisees sont formatees 
par la sonde (2000) sous forme de messages qui sont envoyes a des canaux 
(3000) et a un systeme de portail (4000) via un reseau interne (5000), 
puis aux centres d f operations securises (SOC) (6000). La marche des 
SOC(6000) peut etre commandee par des procedures operatoires (6030). Ces 
procedures concernent, par exemple, les contacts client a prevenir en cas 
de tel ou tel type d'evenement et modalites de reaction face a certains 
types d'attaque. Les SOC (6000) peuvent produire des rapports (6040) en 
fonction de l f activite du reseau. En cas d'activite suspecte sur le 
reseau, un analyste securite (6010) est alerte (6050) cependant que les 
evenements suspects sont stockes dans la base de donnees (6020). 
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English Abstract 

A method for conducting a transaction between a client system and a 
server system is described. The method may include registering 
information about a particular client system from among multiple client 
systems. The information is registered on a server system and may include 
a characteristic specific to the client system being registered. The 
method may also include purchasing access to the file by the client 
system from the server system and enabling the file to be accessed only 
by the client system purchasing access to the file. The access of the 
file may be enabled based on the characteristic specific to the client 
system. 

French Abstract 

L 1 invention concerne un procede permettant d ! effectuer une transaction 
entre un systeme client et un systeme serveur. Le procede peut contenir 
des informations d ' enregistrement relatives a un systeme client 
particulier parmi une multiplicite de systemes clients. Des informations 
sont enregistrees dans un systeme serveur et peuvent contenir une 
caracteristique specif ique au systeme client enregistre. Le procede peut 
aussi consister en l 1 achat d'un acces au fichier par le systeme client a 
partir du systeme serveur et la validation de l f acces au fichier 
uniquement par 1 ' achat par le systeme client de 1' acces au fichier. 
L' acces au fichier peut etre valide sur la base de la caracteristique 
specif ique au systeme client. 
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... bit block cipher that accepts a variable length key up to 256 bits. 
Twofish is available from Counterpane Internet Security , Inc., of 
San Jose, CA. Twofish is known in the art; accordingly, a more detailed 
discussion is . . . 

. . .provided 

In an alternative embodiment, encryption engine 520 may use another 
encryption algorithm, for examples, Blowfish from Counterpane Internet 

Security , Inc., of San Jose, CA; Serpent from Lars Knudsen of the 
University of Bergen, Norway, and Data... 
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French Abstract 

L' invention concerne un systeme, un procede, et un article manufacture de 
gestion proactive mis en oeuvre au cours de la maintenance et de 
l'entretien d'un environnement du type chaine d ' approvisionnement 
reseautee. Les appels telephoniques, les donnees et autres informations 
multimedia sont routes via un reseau assurant le transfert des 
informations via Internet au moyen d* informations de routage telephonique 
et d 1 informations d'adresse de protocole Internet. Ledit reseau comprend 


un gestionnaire de seuil proactif qui avertit a 1 1 avance les fournisseurs 
d'une rupture de contrat imminente. Ledit gestionnaire de seuil proactif 
envoie une alarme au fournisseur de services lorsque le niveau de service 
du moment n f atteint plus le niveau de service determine dans le contrat 
en termes de maintien d ! un certain niveau de service. 
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Detailed Description 

the switches have passed the burden of translating the time into a 
usable format to the network subsystems . The fixed record format cannot 
acconimodate the various time period requirements because (inverted 
exclamation mark)t only... the present invention. The Fault Management 
component 4 600 records failures and exceptions in network devices (e.g. 
network routers or UNIX servers) and perforiris the following 
operations . 

1) performs root-cause correlation of the failures... 
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English Abstract 

A system (32) and method for computing and collecting taxes is disclosed. 
In particular, the invention properly computes and collects, e.g., sales 
and use taxes that is consistent legal guidelines and restrictions 
imposed by national governments such as the United States. Accordingly, 
the invention is useful for computing and collecting taxes on Internet 
sales . 

French Abstract 

L 1 invention concerne un systeme et un procede de calcul et de 
recouvrement des taxes. En particulier, le systeme selon 1 ! invention 
permet le calcul correct et le recouvrement de l'impot, notamment la taxe 
de vente et d ' utilisation, selon les termes des directives et des 
restrictions juridiques imposees par les gouvernements nationaux, tels 
que le gouvernement des Etats-Unis. Le systeme et le procede selon 
1' invention sont done utiles pour le calcul et le recouvrement des taxes 
sur les ventes par Internet. 
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... authorities (or more precisely, the tax authority nodes 60). Thus, the 
tax authority interaction control system 432 includes a network 
interface and security subsystem 252B which may be identical to the 
network interface and security subsystem 252A of the merchant 
interaction control systein 256 mentioned hereinabove. In particular, the 
network interface and security subsystem 252B provides a secure 
socket layer (SSL) as part of the network 46 interface with the tax.,. 

...encryption key per tax authority as one skilled in the art will 

understand. The network interface and security subsystem 252B (and 
252A) includes the appropriated modules for transmitting and receiving 
data from the network 46 according... 
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English Abstract 

Apparatus and methods for a web-based transaction data storage and 
retrieval offering for merchants and customers, providing; retailers the 
operational cost savings of electronic signature capture with minimal 
integration of such signatures into their legacy systems. Transaction 
data including signatures are securely transmitted from the merchant to 
the remote, transaction-record repository. An internet browser then 
accesses an electronic-records-service web-site that provides a 
straightforward, user-friendly Interface (for searching 
transaction-record data) for recreating receipts as proof of a 
transaction. When a transaction record (a receipt, for example) is 
required, the customer, the merchant's employees or designated financial 
agents of the customer or the merchant (banks or payment processors, for 
example) can access the electronics-records service through an internet 
using a web browser. These records can be viewed, downloaded or printed; 
or faxed or e-mailed to the desired recipient. 

French Abstract 

Cette invention concerne un dispositif et des procedes portant sur un 
systeme Web de stockage et de recuperation de donnees de transaction a 
l f intention de vendeurs et de clients. Grace a ce systeme, les 
detaillants peuvent reduire les couts operationnels en rapport avec la 
capture de la signature electronique, pour une integration minimale 
desdites signatures dans leurs systemes existants. Des donnees de 
transaction avec signatures sont transmises en toute securite du marchant 
a une logitheque a distance d ' enregistrement des transactions. Un 
navigateur Internet permet ensuite d'acceder a un site web avec service 
d 1 enregistrement electronique qui assure une interface directe et 
conviviale (pour la recherche de donnees de transaction) en vue de la 
re-creation de recus comme preuve de la transaction. Lorsqu'une piece 
relative a une transaction (un recu par exemple) doit etre fournie, le 
client, le personnel du vendeur ou des agents financiers dument designes 
du client ou de vendeurs (tels que banques ou organismes charges du 
traitement des paiements ) peuvent acceder aux dossiers electronique via 
Internet au moyen d f un navigateur. Ces dossiers peuvent etre etudies, 
transferes ou imprimes, ou bien etre expedies par telecopie ou courrier 
electronique au destinataire voulu. Pour acceder a un dossier 
electronique, 1 1 utilisateur se rend sur le site Internet correspondant , 
s'enregistre et choisit la transaction pour laquelle il souhaite voir le 
recu. Pour cette recherche, il peut utiliser divers moyens (tels que 
date, emplacement d 1 enregistrement, montant total de la transaction) et 
observer visuellement le recu. L 1 utilisateur peut utiliser le dossier 
ainsi recupere de la transaction pour contester une facturation ou bien 
retourner ou echanger un bien. Ce service d ' enregistrement de dossiers 
constitue ainsi un moyen rapide et economique au service du client tout 
en ameliorant la qualite du service a la clientele. 
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Claim 

. . . embodiment, the row is 

the foundation of information transfer for eReceipts 
objects . 

Search service: The visual and interactive part of the data form, which 
10 

part executes on a web server and browser. 
Service administrator. . . 


. .180. 

Each merchant 120 and some or all of the optional 
intermediate partner data center (s) 130 communicate over the 
communications link 160, typically a private network. The optional 
intermediate partner data center (s) 130 communicate (s) with the data 
farm 140 using the communications link 170, also typically a private 
network. (Where... 

..intermediate data center 130 is present, the 
I I 

merchant (s) 120 and the data farm 140 communicate directly using the 

then-unitary communications links 160,170.) 

In addition to communicating using the private nefworks... 

. .s) 120, any optional intermediate data center(s) 130 and 
the data farm 140 are each communicatively connected as hosts on the 
internet 180, allowing any one to communicate with any other one 
through 

that internet 180. (The personal computer 190 is viewed as a host... 
. .the 

infernet 180, although its actual status is more likely to depend on the 
directness of its connection to that internet 180, for example, through 
optional service providers not shown.) 
A merchant 120 includes a... 


.more point-of-sale (POS) systems 126. A POS system 126 and the 
merchant data center 127 communicate over a communications link 128 
(typically a serial link) or a communications link 122. In addition to 
communicating using the link(s) 128,122, the POS system 126 is 
communicatively connected as a host on the internet 180, allowing 
communication with any other host on the internet 180... 
.web-enabled portions 1262,1261 of the POS 

payment platform, may maintain them distinct from but directly connected 

to each other or may only associate the non-web-enabled and webenabled 
portions 1262,1261 of the POS platform (i.e., indirectly connect the 
cash-register and interactive web-enabled portions 1262, 1261 of the 
payment platform.) Alternatively, the POS system 126 may omit the... 
stereo, inter alia. 

With each item identified, the POS system 126 and the 
merchant data center 127 communicate . The result of the 
communications is that the customer is shown a description of the item 
lost. . . 

.tax amount, etc. These descriptions may display on the transaction 
computer 126. 

The POS system 126 also communicates with the data form 140 

as the items are identified. The result of the communications is that... 



. ..s store (or web site) or from a 

manufacturer 130 regarding consumer electronics. He may see an 

interactive advertisement. 
In a batch system 100, items are identified and stored in the 
merchant data center 127 and bulk (batch) data is communicated to the 
data farm 140 at predetermined times. 

Each transmitted content encourages the customer to attend 
to. . . 

...or clicking on an area of a web page, for example. 

Any response to a content is communicated to the data farm 

140. The farm 140 may alter the current or any subsequent presentation of 


.The lack of a response, 

which is of itself useful information, may or may not be explicitly 
communicated to the data form 140.) Additionally or alternatively, the 
interactive portion 12 61 may be so responsive. 

At some point in the transaction, usually after the sales agent... 

.This early identification may help target the contents for 

display to the identified customer. 

DEVICES 

- Web-Enabled Interactive Point-of -Salle Device 
Figures 2 and 3 illustrate embodiments of the transaction 
computer (TC) 1261 of a web- enabled interactive POS system 126. 
Figure 2 is an illustration of a TC 200 of a POS system 126... 

.transaction computer 200 or 300 in a POS system 126. The TC 

200, 300 includes a processor subsystem 510, a security subsystem 

520, an 

input subsystem 530, an output subsystem 540, a payment subsystem 550, a 
communications subsystem 560... in the communications subsystem 560 and 
other drivers as 

necessary to operate the input, output, payment and security 
subsystems 

530, 540, 550, 560. Hyper-Text Markup Language (HTML) and Java 
(available from Sun Microsystems of Mountain... 

.TCP) and Internet Protocol (IP) are currently the most popular 
protocols . 

Extensible Markup Language (XML) and Secure Soc ' ket Layers (SSQ are 
examples of other applicable, popular protocols. 
The memory 512 may also include application. . . 
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Detailed Description 

Claims 

Fulltext Word Count: 151011 
English Abstract 

The present invention is provided for comparison shopping by utilizing a 
customer's profile to prioritize the features of a group of similar, 
competing products. First, a customer's profile is developed. This 
profile may be developed from many sources including customer input, 
customer buying habits, customer income level, customer searching habits, 
customer profession, customer education level, customer's purpose of the 
pending sale, customer's shopping habits, etc. Next, the customer selects 
multiple, similar items, i.e. products or services to compare. Finally, a 
comparison table is presented which prioritizes the features in 
accordance with the customer's profile. 

French Abstract 

La presente invention concerne un achat par comparaison grace a 
1 1 utilisation d ' un profil consommateur pour etablir des priorites .dans 
les caracteristiques d'un groupe de produits analogues en concurrence. 
D'abord on elabore un profil consommateur. Ce profil peut etre elabore a 
partir de plusieurs sources, y compris une entree de donnees du 
consommateur, les habitudes d* achat du consommateur, le revenu du 
consommateur, les habitudes de recherche du consommateur, la profession 
du consommateur, le niveau d 1 education du consommateur, les attentes du 
consommateur pour la vente en cours, les habitudes d' achat du 
consommateur, etc. Ensuite, le consommateur selectionne plusieurs 
articles analogues, c.-a-d. des produits ou des services afin de les 
comparer. Enfin, un tableau de comparaison produit etablit des priorites 
de caracteristiques en fonction du profil du consommateur. 

Legal Status (Type, Date, Text) 

Publication 20001207 A2 Without international search report and to be 

republished upon receipt of that report. 

Examination 20010222 Request for preliminary examination prior to end of 

19th month from priority date 

Fulltext Availability: 

Detailed Description . . . 

Detailed Description 

... addressing performance issues. 

g) Do the users have a choice of whether or not to use the system ? 
User interface prototyping tools are important since they allow 
developers to obtain user input early on in... and to agree on a deadline 
for these enhancements. 

c) Will the vendor guarantee consistency of all interfaces acrossfuture 
releases? The biggest danger in using packaged components is that the 
vendor will make changes to the component interfaces . When selecting 
packaged components make sure the vendor guarantees backwards 


compatibility of all the existing interfaces provided the component. 
If this is not the case, it will entail much reworking of the... 


...5 specifically for the platform of the target system. 

e) Does the component provide standard or proprietary interfaces ? 
When choosing between packaged components, always choose standard 
interfaces over proprietary ones. It will always be easier to customize 
and interface a component whose language is known to the development 
team, rather than one which requires developers to. . .b) Does the editor 
support multiple languages? 

Some IDEs provide support for many languages using the same interface 
(for example, MS Developer Studio supports C, C++, Java, Fortran) . This 
has the advantage of providing the... 

...enter program break points and step through a program, tracking the 
progress of execution and identifying errors interactively . It is 
typically used in conjunction with the source code editor so that coding 
errors identified can ... a, starting point for programming. 

Shell generation is typically repository-based but can also be based on 
interaction with the programmer, where the generation utility requests 
key information about the program, and generates a starting. . . 

...the programmer) may include. 

0 Data base tables accessed 

0 Methods and attributes defined (for objects) 
0 Interface inforination 

Based on this inforination, the generator selects the appropriate include 
files and creates skeleton code which... 

. . .programming tools) allows the developer to rapidly design windows and 
pages using a point and click graphical interface . ne relevant source 
code is subsequently generated from these designs. 

The generation of DDL and DML is ... outweigh the value of wrapping an 
object/code. As objects/code become more complex, with more functions/ 
interfaces , then the value of wrapping them becomes more tangible. 

172 

Media Content Creation 

As systems become increasingly user-facing, it is important to design 
user interfaces that are not only functional, but also engaging and 
informative. This is especially true of Internet and kiosk-based systems, 
where users have a notoriously short concentration span. 

This requirement for more attractive user interfaces has triggered the 
evolution of media-rich applications, the development of which requires 
new tools and processes ... that component testing is complete. To view the 
test case checklist follow the doclink. 

d) What components interface with the Test Planning component? 

The following components interface with the Test Planning component. 

Tools - System Building - Test - Test execution, This interface relates 
to the actual Test Planning scripts for an automated script playback 
capability. The scripting tool can... not directly related to the systems, 
or are performed infrequently. Many of the functions, however, require an 
interface to the systems, or involve large volumes of data. 

Is integration with any existing systems required? 
If . . . 

...technical expertise will be needed at remote sites, and there 
is the potential for problems with the interfaces between tools, 
Platform Constraints 

Systems-based tools (e.g., for monitoring or control purposes) will 


clearly be. 


...functions is highly desirable. Integrated toolsets offer integrated 
functionality across a number of functions, thus simplifying the 
interfaces between them (e.g., data will automatically be consistent 
across functions). Purchase of such tools will help... 

...the vendors to determine whether these requirements are being met. 

PRESENTATION (1302) 

The presentation component provides the interface between the 
manager (s) of the system and management data generated by the system.' 
Data can be . . . 

...of output. By integrating the operational architecture it is possible to 
reduce the number of front-end interfaces required. Commonly, the 
presentation component uses a GUI front-end interface . This component 
is also responsible for real-time and historical report generation. 

EVENT PROCESSING (1304) 
Event processing... 

...information on to either the presentation or management applications 
layers. Again it is important to consider the interface of the event 
processing component with the other components of the operational 
architecture . 

Help Desk (1306) 

As... IS organizations to ensure the incidents and problems get resolved). 
, Incident Management (1308) 

Incident Management provides the interface between the users of 'the 
system and those operating and maintaining the system when an incident 
arises . . . 

...required to perform at least some of these management tasks. 
EVENT / DATA GENERATION (1314) 

Event/data generation interacts with all the managed components in the 
execution and development environments in order to obtain the required 
management information. 

This component also interacts with the physical environment, managing 
hardware, and supporting infrastructure components of the operational 
architecture to obtain management information. It is important to 
consider these interfaces when choosing event/data generation 
components. Agents and proxies are two common types of event/data 
generation ... entire organization. (Case based tools will 
require building up over time.) 
Incident Management 

Incident Management provides the interface between the users of the 
system and those operating and maintaining the system when an incident 
arises . . . 

...be automatically logged or only by manual association with an 
incident? 

Automatic logging of problems will require interfaces to be built with 
the Event Management system, and perhaps the execution architecture for 
application errors. 

Request . . . 

...user, vendor, or developer. Request Management I 0 determines if and 
when requests will be fulfilled through interaction with the particular 
function (s) impacted by the request. Following such interaction / 
accepted requests will be planned, executed, and tracked. 


Implementation Considerations 
Will users be given access to 


the. 
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Claims 
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English Abstract 

Systems (Figs. 1 and 2) for transmitting voice/data using 
multiprotocols . 

French Abstract 

La presente invention porte sur des systemes (figures 1 et 2) qui 
permettent de transmettre des signaux vocaux et des donnees a 1 ' aide de 
multiprotocoles . 

Fulltext Availability: 
Detailed Description 

Detailed Description 

applications; provides a single point of contact for fault isolation; 
ensures maximum application availability by isolating application 
subsystems ; increases security by preventing unauthorized access; 
prevents interruption of service due to power supply failure; ensures 
maximum system availability by providing an independent watchdog 
service; keeps the user informed of system status through notification of 
system problems, no matter where the... 
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English Abstract 

The present invention provides systems and methods for electronic 
commerce including secure transaction management and electronic rights 
protection. Electronic appliances such as computers employed in 
accordance with the present invention help to ensure that information is 
accessed and used only in authorized ways, and maintain the integrity, 
availability, and/or confidentiality of the information. Secure 
subsystems used with such electronic appliances provide a distributed 
virtual distribution environment (VDE) that may enforce a secure chain of 
handling and control, for example, to control and/or meter or otherwise 
monitor use of electronically stored or disseminated information. Such a 
virtual distribution environment may be used to protect rights of various 
participants in electronic commerce and other electronic or 
electronic-facilitated transactions. Secure distributed and other 
operating system environments and architectures, employing, for example, 
secure semiconductor processing arrangements that may establish secure, 
protected environments at each node. These techniques may be used to 
support an end-to-end electronic information distribution capability that 
may be used, for example, utilizing the "electronic highway". 

French Abstract 

Systemes et procedes destines au domaine du commerce electronique, et 
notamment a la gestion securisee des transactions et a la protection 
electronique des droits. Les appareils electroniques tels que les 
ordinateurs utilises conformement a la presente invention permettent 
d' assurer que les informations ne sont consultees et exploitees que de 
maniere autorisee, et ils conservent l ! integrite, la disponibilite et/ou 
le caractere confidentiel des informations. Les sous-systemes securises 
utilises en association avec de tels appareils electroniques constituent 
un environnement de distribution virtuel distribue (VDE) apte a imposer 
une chaine securisee de traitement et de commande, par exemple pour la 
commande et/ou la mesure ou encore le controle de 1 1 utilisation 
d 1 informations stockees ou dif fusees electroniquement . Cet environnement 
de distribution virtuel peut servir a proteger les droits de differents 
individus impliques dans le commerce electronique et dans d'autres 
transactions electroniques ou assistees par des moyens electroniques. On 
a egalement prevu des environnement s et architectures de systeme 
d ' exploitation distribues, securises et autres mettant en oeuvre, par 
exemple, des ensembles de traitement securise a semi-conducteurs pouvant 
etablir des environnements securises et proteges au. niveau de chaque . 
noeud. Ces techniques peuvent servir de soutien pour une fonction 
electronique de distribution d 1 informations de bout en bout, cette 
fonction etant utilisable, par exemple, dans le domaine de 1 1 "autoroute 
electronique" . 



Fulltext Availability: 
Detailed Description 

Detailed Description 
. . . as needed. 
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As mentioned above, memory external to SPU 500 may not 
be secure. Therefore, when security is required, SPU 500 must 
encrypt secure information before writing it to external memory, 
and decrypt secure... 
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English Abstract 

A tag (30) associated with a device (12) and that identifies the device 
with respect to other devices is connected to a communication link (16) 
with the same connector (100) used to connect the device to a source of 
power (110). The device connector includes an element for receiving 
electrical power and a data contact (106) connected to the tag. An 
electrical power connector (110) (which serves as the power source) has 
an element for engaging the element of the device connector and applying 
electrical power thereto, and another data contact (120) connected to the 
communication link (16). When the device connector is engaged with the 
electrical power source connector, the data contacts engage one another 
and establish a data path between the communication link and the tag. The 
connection to the communication link allows information to be exchanged 
between the communication link and the tag. 

French Abstract 

Un marqueur (30) associe avec un dispositif (12) permet d f identifier le 
dispositif par rapport a d'autres dispositif s. Ce marqueur est connecte a 
une liaison de communication (16) par le meme connecteur (100) que celui 
utilise pour connecter le dispositif a une source (110) de courant. Le 
connecteur du dispositif comporte un element pour recevoir le courant 
electrique et un contact (106) pour les donnees connecte au marqueur. Un 
connecteur (110) a courant electrique (qui sert de source de courant) a 
un element pour s ' engager, avec l 1 element du connecteur du dispositif et 



assurer son alimentation en courant electrique et un aut^^ contact (120) 
pour donnees connecte a la liaison de communication- (16). Lorsque le - 
connecteur du dispositif est engage avec le connecteur de la source de 
courant electrique, les contacts pour donnees s ! engagent ensemble et 
etablissent un trajet de communication entre la liaison de communication 
et le marqueur. La connexion a la liaison de communication permet un 
echange d 1 information entre la liaison de communication et le marqueur. 

Fulltext Availability: 
Detailed Description 

Detailed Description 

522 (Fig, 20) is integrated with an alarm system 620 and 
digital camera 622 to provide a security subsystem in 
location 18a (e,g., a storeroom or patient room), The 

security subsystem allows only those users with an 
authorized identifications (e.g., user IDs as indicated 
by tags 30. . . 

...624) can remove devices 12 

(such as device 12e) plugged into power strip 500. Host 
computer 60 tracks whether device 12e has been 
disconnected before a user ID has been read by badge 
35 reader . . . 

. . . 14 to 

5 take a picture of the user. Digital camera 622 transmits 
the photograph of the unauthorized user of device 12e as 
a digital file to host computer 60 over network 14 . 

Alarm system. . . 
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English Abstract 

A home automation system comprises a number of sub-systems for 
controlling various aspects of a house, such as a security sub-system 
(50), and HVAC sub-system (70), a lighting control sub-system, and an 
entertainment sub-system. 1 The network comprises a host computer (20) 



connected through a host interface (24) to a plurality o^Riodes (25-30) . 
The network is in a free form topology and employ asynchronous 
communication. The host computer (20) polls each node on the network to 
determine system configuration and to perform a diagnostic check on the 
system. The messages that are transmitted between the nodes are comprised 
of a source address, a destination address that uniquely indentifies the 
location of each piece of hardware on the system, a message type field, 
and a data length segment. Each hardware device has a mirror image 
software object in the host computer to which messages are directed. 

French Abstract 

Un systeme domotique comprend un certain nombre de sous-systemes qui 
commandent di verses operations domestiques, par exemple un sous-systeme 
de securite (50), un sous-systeme d ' alimentation electrique haute tension 
(70), un sous-systeme de commande de l'eclairage et un sous-systeme de 
loisirs. Le reseau comporte un ordinateur central (20) connecte par une 
interface hote (24) a une pluralite de noeuds (25-30) . Le reseau a une 
topologie a structure non imposee et fait appel a une communication 
asynchrone. L 1 ordinateur central (20) interroge chaque noeud du reseau 
pour determiner la configuration du systeme et realiser un diagnostic du 
systeme. Les messages transmis entre les noeuds se composent de l'-adresse 
de la source, d'une adresse de destination qui identifie specif iquement 
1 * emplacement de chaque element de materiel du systeme, d'un champ de 
message et d ! un segment de longueur de donnees . Chaque appareil cable 
possede un objet logiciel correspondant dans 1' ordinateur central, auquel 
les messages sont destines. 

Fulltext Availability: 
Claims 

Claim 

. . . of the invention comprises a 

home automation system having a number of sub-systems, 
such is a security sub - system , a lighting control sub 
system, and an environmental control sub-system, The 
home automation system comprises a. . . 

...of the invention comprises a 

home automation system having a number of sub-systems, 
such as a security sub - system , a lighting control sub 
system, and an environmental control sub-system. The 
home automation system comprises a. . . 

. . .of the invention comprises a 

home automation system having a number of sub-systems, 

such as a security sub* - system , a lighting control sub 

system, and an environmental control sub-system, The 

home dutomation system comprises a ... interfaces employ a common means of 

controlling 

associated devices, 

A fifth aspect of the invention comprises a 

watch dog timer for use in a home automation system. 
According to this embodiment of the invention, a watch 
dog timer circuit initiates a phone call to an off-site 
location when an operation signal is... 

... a bus inter 

face circuit in the host interface; 

Fig, 8 is a schematic diagram of a watch dog 

timer; 

- 10 * ' - 

Fig. 9 is a flow chart illustrating a run time 
diagram for the host... 

... an event 

processing loop for the host computer; 

Fig. 11 is a block diagram of a home security 


sub - system in the home automation system; 
Fig, 12 is a block diagram of an embodiment of 
a zone in the home security sub - system ; 
Fig, 13 is an exemplary house layout depicting 
a second embodiment of the zones in the home security 

sub - system ; 
Figs, 14A, 14B, and 14C depict possible modes 
of operation for the home security sub - system '; 
Fig, 15 is a schematic of a keypad interface 
for the home security sub - system ; 
Fig, 16 is a block diagram of an environmental 
control sub-system; 
Fig, 17 is a schematic. . . 

..nodes, such as an AC Power. Module node, 
The host computer 20 is also connected to a watch dog 
timer 22 which is then connected to an auto-dialer 23, 
Each node may then be... As generally shown in Fig, 3, the system 
includes a circuit which is referred to as a " watch dog 
timer" 22. This circuit periodically monitors the host 
computer 20 to verify that the home automation system 
- 15 

remains active. If the system fails to indicate that it 
still is on line, the watch dog timer 22 can initiate a 
call over the telephone lines to an off-site location and. . . 

..that the system is not active. 
Fig. 8 is a schematic diagram showing an 
embodiment of the watch dog timer 22 according to-the 
present invention, As shown, the watch dog circuit is 
capacitively coupled to the host computer 20 through a 
serial port, The host computer... 

. . technique known 
in the art, 

To ensure the reliability of the monitor fea 

ture provided by the watch dog timer 22, the watch dog 

circuit is powered by a backed-up supply which is inde 

pendent of the power supplied to the rest of the system, 

Further, as shown, the watch dog circuit includes a 

power-up reset circuit, The reset circuit includes a 

timer circuit U4 which... a message to transmit and the bus has been 

captured by another node, then the node randomly monitors 

the bus until a free slot to transmit a message has been 

detected . 

As part of an error checking routine, the host 
computer 20 transmits at periodic intervals a message to 
every node to determine whether For instance, 
all thermostat control nodes would have the same type 

segment, Also, all nodes that monitor intrusion sensors WO 95/22087 
PCTfUS95/01805 - 19 

analog input card and a digital input card* The subtype ... digital 
input card may have a plurality of channels with each one 
associated with a different window intrusion sensor. The 
connection segment would then provide a different address 
for each sensor on that digital input... 
..20 can monitor the status of 

every hardware device. For instance, the address for a 
particular window intrusion sensor would contain a domain 
segment identifying the sensor as a hardware device, a 
node ID segment that uniquely identifies the node, a type 
segment indicating that the node is one that monitors 
security sensors, a subtype segment that identifies the 
digital input card to which the window intrusion sensor 
is connected, a board segment which identifies the phys 
ical location of the digital input card. . . 



...messages. 

The use of the various segments in the address 

also allows the host computer 20 to check the status of 

the network and to determine the configuration of the 

network, For instance, by using... 201, the 

host computer 20 evaluates timer events to determine 

whether any timers have expired and to check on all time 

of day events. For instance, at step 201, the host com 

puter 20 might . . . 

...defined by a distinct zone 
52e 

Alternatively, a first security zone 52 may 
comprise a node that monitors all of the door intrusion 
sensors while a second security zone 52 may comprise a 
node that monitors all of the window intrusion sensors. 
Fig* 13 illustrates an exemplary layout of the zones 52 
in a house. As shown in the figure, a first zone is 
comprised of all door intrusion sensors 1, a second zone 
encompasses all window intrusion sensors 2, a third zone 
is defined to include all fire sensors 3, a fourth zone 
contains . . . 

...intrusion, the host computer 20 

may then transmit a message to a security alarm 56 in the 

security sub - system to emit a siren, a message to. the 
lighting control sub-system to turn on lights, and. . . 

. . .20 

takes in response to an event depends in part upon the 
mode of operation of the * security sub - system , As an 
example, Fig. 14A illustrates a night mode of operation 
where the interior motion sensors do ... communicates 
with its mirror image software object in the host 
computer 20. The software in the node monitors the phys 
ical button 80 and transmits messages to the mirror image 
software button 82 in the... 
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English Abstract 

The invention is a system for protecting the security of computer files. 
It has hardware elements, including a programmable auxiliary memory and 
control unit along with associated software elements. The security * 
subsystem is installed on the host computer bus so that it resides in 



the control logic, address, and data signal path between^Re computer 
storage device and central processing unit. The security system is 
accessible by the computer operating system only during installation and 
initialization. Thereafter it is - inaccessible to or by the operating 
system. Supervisor determined criteria for access permission to read/ 
write and execute files are entered into the auxiliary memory system 
where they are protected from alteration. The security system will deny 
access to users with invalid entry criteria and refuse to write data to 
the file storage device when unauthorized operations have been 
performed. When breaches of these types occur the security system can 
lock the computer against further activity until it is released by entry 
of a master password from supervisory or security personnel. The system 
maintains a protected area in the computer memory device where, among 
other data, file signatures of all valid files are retained. The 
protected area of memory also maintains appropriate signatures of all 
internal files in the security system so that they can be automatically 
checked for integrity. 

French Abstract 

L' invention concerne un systeme de protection pour la securite des 
fichiers d ' ordinateur . II possede des elements machine, comprenant une 
unite de commande et memoire auxiliaire programmable ainsi que des 
elements de logiciel associes . Le sous-systeme de securite est installe 
sur le bus de 1' ordinateur central de sorte qu'il reside dans le chemin 
de- logique de commande, d'adresse et de signaux de donnees entre le * 
dispositif de stockage de 1 ' ordinateur et 1 'unite de traitement centrale. 
Le sous-systeme de securite est accessible par le systeme de 
f onctionnement de 1' ordinateur uniquement pendant 1 1 installation et la 
mise en marche. Ensuite, il est inaccessible au systeme de f onctionnement 
ou par ce systeme de f onctionnement . Des criteres determines par un 
superviseur pour 1 ' autorisation d' avoir acces au fichier, a leur lecture 
et a leur ecriture, sont entres dans le systeme a memoire auxiliaire ou 
ils sont proteges contre toute modification. Le systeme de securite 
refuse l 1 acces a des utilisateurs dont les criteres d 1 entree ne sont pas 
valides et refuse 1' ecriture de donnees dans le dispositif de stockage 
par fichier lorsque des operations non autorisees ont ete effectuees. 
Lorsque des infractions de ce type ont ete commises, le systeme de 
securite peut verrouiller 1 1 ordinateur et empecher toute activite future 
jusqu'a sa liberation par introduction d'un mot de passe maitre introduit 
par le personnel de supervision ou de securite. Le systeme maintient une 
zone protegee dans le dispositif a memoire de 1 ! ordinateur ou, parmi 
d f autres donnees, des signatures de fichiers de tous les fichiers valides 
sont retenues . La zone protegee de la memoire maintient egalement des 
signatures appropriees de tous les fichiers internes dans le systeme de 
securite de maniere a pouvoir controler automatiquement leur integrite. 

Fulltext Availability: 
Detailed Description 
Claims 

English Abstract 

...has hardware elements, including a programmable auxiliary memory and 
control unit along with associated software elements. The security 
subsystem is installed on the host computer bus so that it resides in 
the control logic, address, and... 

...to users with invalid entry criteria and refuse to write data to the 
file storage device when unauthorized operations have been performed. 
When breaches of these types occur the security system can lock the 
computer. . . 

. . .maintains appropriate signatures of all internal files in the security 
system so that they can be automatically checked for integrity. 

Detailed Description ' 
. . . main bus in similar 

fashion is an encryption/unencryption device. It is emphasized here 


that the file security subsystem m not, nor is it i^P^ny way 

analogous , 

to an encryption device. It may include an... 
.13084 PCT/US90/02113 

Operation of the File Security System 

During startup, the file security system will check the files 
associated with the operating system for consistency. This is done by 
comparing the file signatures... 

.portion of memory within the file storage device 

that ig inaccessible to the operating system, The same check can be 
made for any change in file signature of all executable files. As was 
noted earlier . . . 

aim 

control logic, address and data signals; 
supplying operating system software for said computer; 
further providing a file security subsystem for said digital 
computer, said security subsystem further comprising a programmable 
auxiliary memory and control unit attachable to the host computer bus in 
a . . . 

.control logic, address, and data 

5 signal path between said storage device and central processing unit, 
said security subsystem being accessible by the computer operating 
system for initialization and modification only during an installation 
stage of the security subsystem but following said installation 
stage, 

during computer system operation, the security subsystem is 

inaccessible 

to or by the operating system, 

the auxiliary memory system being adapted for receiving and. . . 

.to users with invalid entry criteria and refusing to write data to the 
file storage device when unauthorized operations have been performed. 
4 ' ' " 


